C
CrowdSec3mo ago
mb

Question creating Postoverflow Whitelist

I want to create a postoverflow whitelist, so my dynamic IP address from my ISP won't get blocked, when I access and test configurations on my cloud machines. DynDNS is configured. I already installed the postverflow rdns parser : https://app.crowdsec.net/hub/author/crowdsecurity/postoverflows/rdns 
────────────────────────────────────────────────────────────────────────────────────────────
 POSTOVERFLOWS                                                                              
────────────────────────────────────────────────────────────────────────────────────────────
 Name                📦 Status    Version  Local Path                                       
────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/rdns  ✔️  enabled  0.3      /etc/crowdsec/postoverflows/s00-enrich/rdns.yaml 
────────────────────────────────────────────────────────────────────────────────────────────
 POSTOVERFLOWS                                                                              
────────────────────────────────────────────────────────────────────────────────────────────
 Name                📦 Status    Version  Local Path                                       
────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/rdns  ✔️  enabled  0.3      /etc/crowdsec/postoverflows/s00-enrich/rdns.yaml
I was looking at the examples from the documentation: https://docs.crowdsec.net/docs/v1.4.0/whitelist/create It says to put the whitelist yaml file in 
/etc/crowdsec/postoverflows/s01-whitelist/
/etc/crowdsec/postoverflows/s01-whitelist/
But when I was looking for that folder I only found 
/etc/crowdsec/postoverflows/s00-enrich
/etc/crowdsec/postoverflows/s00-enrich
where the rdns.yaml is available. Is this by any chance an outdated instruction and not applicable to a newer version of crowdsec and do I have to create that folder myself manually? But there is also a whitelist.yaml inside: 
/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml
But I guess this is the Parser Whitelist and not the Postoverflow whitelist as mentioned in the documentation.
Creating whitelist | CrowdSec
When a whitelist is present in parsing /etc/crowdsec/parsers/..., it will be checked/discarded before being poured to any bucket. These whitelists intentionally generate no logs and are useful to discard noisy false positive sources.
4 Replies
CrowdSec
CrowdSec3mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
Max
Max3mo ago
1.4.0 is quite old, check out the docs of a recent version https://docs.crowdsec.net/u/getting_started/post_installation/whitelists/#dynamic-ip-address https://docs.crowdsec.net/docs/next/log_processor/whitelist/create_postoverflow/
Postoverflow | CrowdSec
Whitelist in PostOverflows
Whitelists | CrowdSec
Whitelists are a way to tell CrowdSec to ignore certain events or IP addresses. This can be useful if you have a static IP address that you know is safe, or if you have a service that could generates a lot of false triggers by loading alot of thumbnails, images or fonts.
mb
mbOP3mo ago
Thank you, I will check this newer version 😄 Ok found my answer 
Postoverflow whitelist folders do not exist by default so you MUST manually create them
Postoverflow whitelist folders do not exist by default so you MUST manually create them
Thank you again for providing me with a newer documentation.
CrowdSec
CrowdSec3mo ago
Resolving Question creating Postoverflow Whitelist This has now been resolved. If you think this is a mistake please run /unresolve

Did you find this page helpful?