Does my Crowdsec block correctly?
Hello, I am really sorry, but I am quite new to this and did read a lot through the documentation, but just based on the provided documentation I am not quite sure yet if I did set everything up correctly now and if Crowdsec is correctly banning untrusted IPs.
I previously used Zoraxy, but because of Crowdsec I just switched to plain nginx now (I know NGINX Proxy Manager exists, but I wanted to use NGINX)
My steps are as follows:
1. curl -s https://install.crowdsec.net | sudo sh
2. apt install crowdsec
3. sudo apt install nginx lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson
4. sudo apt install crowdsec-nginx-bouncer
5. sudo cscli console enroll -e context cm9zz0tqo000fl20603e0sfg3
So and now I am at a point where I don't know if I have to change anything else. I looked through here:
https://docs.crowdsec.net/u/bouncers/nginx/
And underneath it tells me some configuration files, but based on the docs I am not quite sure if I need to change a lot. I am already getting some Alerts on my dashboard but is the blocking part working too?
I typed cscli decisions list and can see one IP on there where 2 days are left.
Does this mean it is blocked correctly?
Because I am not sure if I need to change anything in the configs
You can try to ban yourself with cscli:
cscli decisions add -i YOUR_IP -d 2m
(this will ban you for 2 minutes), then try to access anything served by nginx.
With a default nginx config and a simple deployment (crowdsec + nginx on the same machine), you should not need to change anything for it to work.
Ok yeah, it kinda seems to work, but only for stuff that is not proxied through Cloudflare, but that probably is because the IP that I use to access then would be another one since that gets proxied too, right?
depending on your nginx config, that's expected
If nginx is not configured to log the actual client IP when handling a request from cloudflare, the logged IP will be one of cloudflare.
You need to configure nginx to use the cf-connecting-ip header as the client IP (https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/)
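The nginx side of the advice above, as an added example that is not part of the original thread or of CrowdSec's documentation: nginx takes the client address from CF-Connecting-IP, but only when the connection itself comes from a Cloudflare range. The file path, the cf_check log format and its log file are assumptions; the ranges are Cloudflare's published list and should be re-checked against https://www.cloudflare.com/ips/ before use.

```nginx
# /etc/nginx/conf.d/cloudflare-realip.conf   (assumed path; must be included
# inside the http {} block, as conf.d/*.conf is in the Debian/Ubuntu default)
# Requires ngx_http_realip_module (assumed to be built into the packaged nginx).

# Only peers in these ranges are allowed to supply the client address.
# Never use 0.0.0.0/0 here: a client connecting directly to the origin could
# then send its own CF-Connecting-IP header and appear as any address it likes,
# which defeats per-IP bans.
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

# For trusted peers, $remote_addr becomes the value of this header.
real_ip_header CF-Connecting-IP;

# Optional check log (hypothetical format name and file): shows the resolved
# client address next to the address of the TCP peer that actually connected.
# For a proxied request the first field should be the visitor and peer= a
# Cloudflare address; for a direct request both fields are the same.
log_format cf_check '$remote_addr peer=$realip_remote_addr '
                    '"$request" $status';
access_log /var/log/nginx/cf_check.log cf_check;
```

After `nginx -t` and a reload, repeat the `cscli decisions add -i YOUR_IP -d 2m` test from earlier in the thread against a hostname that is proxied through Cloudflare. Server blocks that declare their own access_log do not inherit the http-level one, so the check log only fills for servers without one.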
Ok will check this out when I am home!