Whitelist user agent from file

Hi,
I try to write a whitelist parser, to whitelist user agent from a file. (stored in parsers/s02-enrich).
This is the parser that I write :

name: si/si_wl_useragent_ai
description: "Whitelist UA AI"
whitelist:
  reason: "Whitelist UA AI"
  expression:
    - "any(File('useragent_ai.txt'), { evt.Parsed.http_user_agent contains # })"
data:
  - source_url: https://data.srvsi.com/useragent_ai.txt
    dest_file: useragent_ai.txt
    type: string

name: si/si_wl_useragent_ai
description: "Whitelist UA AI"
whitelist:
  reason: "Whitelist UA AI"
  expression:
    - "any(File('useragent_ai.txt'), { evt.Parsed.http_user_agent contains # })"
data:
  - source_url: https://data.srvsi.com/useragent_ai.txt
    dest_file: useragent_ai.txt
    type: string

And some extract from the file :

GoogleOther
GoogleOther-Image
GoogleOther-Video
GPTBot
iaskspider/2.0
ICC-Crawler
ImagesiftBot

GoogleOther
GoogleOther-Image
GoogleOther-Video
GPTBot
iaskspider/2.0
ICC-Crawler
ImagesiftBot

The parser is loaded correctly :

time="2025-06-10T05:10:07+02:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/si-useragent-ai.yaml stage=s02-enrich

time="2025-06-10T05:10:07+02:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/si-useragent-ai.yaml stage=s02-enrich

I have probably missed something, any idea on how I can fix this ?

CrowdSec•10mo ago•

11 replies

Sich

Whitelist user agent from file

Hi,
I try to write a whitelist parser, to whitelist user agent from a file. (stored in parsers/s02-enrich).
This is the parser that I write :

name: si/si_wl_useragent_ai
description: "Whitelist UA AI"
whitelist:
  reason: "Whitelist UA AI"
  expression:
    - "any(File('useragent_ai.txt'), { evt.Parsed.http_user_agent contains # })"
data:
  - source_url: https://data.srvsi.com/useragent_ai.txt
    dest_file: useragent_ai.txt
    type: string

name: si/si_wl_useragent_ai
description: "Whitelist UA AI"
whitelist:
  reason: "Whitelist UA AI"
  expression:
    - "any(File('useragent_ai.txt'), { evt.Parsed.http_user_agent contains # })"
data:
  - source_url: https://data.srvsi.com/useragent_ai.txt
    dest_file: useragent_ai.txt
    type: string

And some extract from the file :

GoogleOther
GoogleOther-Image
GoogleOther-Video
GPTBot
iaskspider/2.0
ICC-Crawler
ImagesiftBot

GoogleOther
GoogleOther-Image
GoogleOther-Video
GPTBot
iaskspider/2.0
ICC-Crawler
ImagesiftBot

The parser is loaded correctly :

time="2025-06-10T05:10:07+02:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/si-useragent-ai.yaml stage=s02-enrich

time="2025-06-10T05:10:07+02:00" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/si-useragent-ai.yaml stage=s02-enrich

I have probably missed something, any idea on how I can fix this ?

Whitelist user agent from file

Similar Threads

Whitelist user agent from file

Similar Threads

Similar Threads

Similar Threads