Crowdsec banning local IP by default
Hello,
I am using crowdsec with bouncer-traefik as stack and traefik in different container but in same host.
Everything is up and running but I can not access any of the service I have, it says "Forbiden" on top left corner.
Ban - log
────────────────────────────────────────────── Name whitelist
Description created from the docs
Created at 2025-07-25T11:59:46.880Z Updated at 2025-07-25T12:00:08.749Z Managed by Console no
────────────────────────────────────────────── ─────────────────────────────────────────────────────────── Value Comment Expiration Created at
─────────────────────────────────────────────────────────── 192.168.10.100 never 2025-07-25T12:00:08Z ─────────────────────────────────────────────────────────── / # ` Any idea?
time="2025-07-25T15:03:38+02:00" level=info msg="172.18.0.5 - [Fri, 25 Jul 2025 15:03:38 CEST] \"GET /v1/decisions?type=ban&ip=192.168.10.100 HTTP/1.1 403 393.29µs \"Go-http-client/1.1\" \""
/# docker exec -it crowdsec /bin/sh
/ # cscli alerts list
No active alerts
/ # cscli decisions list
No active decisions
/ # cscli metrics
I GOT METRICS HERE DELETED TO SHORTEN THE MESSAGE
/ # cscli allowlists inspect whitelist
──────────────────────────────────────────────
Allowlist: whitelist────────────────────────────────────────────── Name whitelist
Description created from the docs
Created at 2025-07-25T11:59:46.880Z Updated at 2025-07-25T12:00:08.749Z Managed by Console no
────────────────────────────────────────────── ─────────────────────────────────────────────────────────── Value Comment Expiration Created at
─────────────────────────────────────────────────────────── 192.168.10.100 never 2025-07-25T12:00:08Z ─────────────────────────────────────────────────────────── / # ` Any idea?
4 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve© Created By WhyAydan for CrowdSec ❤️
It looks like the bouncer is misconfigured: it gets a 403 response from LAPI, so it cannot check the decisions and I think the default behaviour of the traefik bouncer is to block traffic if LAPI is not available
Make sure the bouncer API key is correct in the bouncer configuration
I delete old one created new one and recreated services but it is same. And I do not see any error in crowdsec log except this:
time="2025-07-25T15:28:07+02:00" level=error msg="Machine is not enrolled in the console, can't synchronize with the console"
root@network:/# docker exec -it crowdsec cscli bouncers list
─────────────────────────────────────────────────────────────────────────────
Name IP Address Valid Last API pull Type Version Auth Type
─────────────────────────────────────────────────────────────────────────────
bouncer-traefik ✔️ api-key
─────────────────────────────────────────────────────────────────────────────
root@network:/#
okay i tried delete and recreated api key again. and chatgpt told me to manually try to connect with that key which was succeeded. Than I've changed API in in yaml, now it works.Resolving Crowdsec banning local IP by default
This has now been resolved. If you think this is a mistake please run
/unresolve