Caddy Appsec

Hi!

I have setup crowdsec with https://github.com/hslatman/caddy-crowdsec-bouncer.
But im not sure if appec is working as it should, have I missed anything?

In my caddy config I have

    # CrowdSec global configuration
    crowdsec {
        api_url http://192.168.1.19:8080
        api_key redacted
        ticker_interval 60s
        disable_streaming
        appsec_url http://localhost:7422
    }

    # CrowdSec global configuration
    crowdsec {
        api_url http://192.168.1.19:8080
        api_key redacted
        ticker_interval 60s
        disable_streaming
        appsec_url http://localhost:7422
    }

These are my collections

 crowdsecurity/appsec-generic-rules     ✔️  enabled  1.0      /etc/crowdsec/collections/appsec-generic-rules.yaml    
 crowdsecurity/appsec-virtual-patching  ✔️  enabled  7.4      /etc/crowdsec/collections/appsec-virtual-patching.yaml 
 crowdsecurity/base-http-scenarios      ✔️  enabled  1.2      /etc/crowdsec/collections/base-http-scenarios.yaml     
 crowdsecurity/caddy                    ✔️  enabled  0.1      /etc/crowdsec/collections/caddy.yaml                   
 crowdsecurity/http-cve                 ✔️  enabled  2.9      /etc/crowdsec/collections/http-cve.yaml                
 crowdsecurity/linux                    ✔️  enabled  0.3      /etc/crowdsec/collections/linux.yaml                   
 crowdsecurity/sshd                     ✔️  enabled  0.7      /etc/crowdsec/collections/sshd.yaml                    
 crowdsecurity/whitelist-good-actors    ✔️  enabled  0.2      /etc/crowdsec/collections/whitelist-good-actors.yaml

 crowdsecurity/appsec-generic-rules     ✔️  enabled  1.0      /etc/crowdsec/collections/appsec-generic-rules.yaml    
 crowdsecurity/appsec-virtual-patching  ✔️  enabled  7.4      /etc/crowdsec/collections/appsec-virtual-patching.yaml 
 crowdsecurity/base-http-scenarios      ✔️  enabled  1.2      /etc/crowdsec/collections/base-http-scenarios.yaml     
 crowdsecurity/caddy                    ✔️  enabled  0.1      /etc/crowdsec/collections/caddy.yaml                   
 crowdsecurity/http-cve                 ✔️  enabled  2.9      /etc/crowdsec/collections/http-cve.yaml                
 crowdsecurity/linux                    ✔️  enabled  0.3      /etc/crowdsec/collections/linux.yaml                   
 crowdsecurity/sshd                     ✔️  enabled  0.7      /etc/crowdsec/collections/sshd.yaml                    
 crowdsecurity/whitelist-good-actors    ✔️  enabled  0.2      /etc/crowdsec/collections/whitelist-good-actors.yaml

and lastly my /etc/crowdsec/acquis.d/appsec.yaml file

listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/appsec-default
name: caddy-appsec
source: appsec
labels:
  type: appsec

listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/appsec-default
name: caddy-appsec
source: appsec
labels:
  type: appsec

Caddy Appsec

Hi!

I have setup crowdsec with https://github.com/hslatman/caddy-crowdsec-bouncer.
But im not sure if appec is working as it should, have I missed anything?

In my caddy config I have

    # CrowdSec global configuration
    crowdsec {
        api_url http://192.168.1.19:8080
        api_key redacted
        ticker_interval 60s
        disable_streaming
        appsec_url http://localhost:7422
    }

    # CrowdSec global configuration
    crowdsec {
        api_url http://192.168.1.19:8080
        api_key redacted
        ticker_interval 60s
        disable_streaming
        appsec_url http://localhost:7422
    }

These are my collections

 crowdsecurity/appsec-generic-rules     ✔️  enabled  1.0      /etc/crowdsec/collections/appsec-generic-rules.yaml    
 crowdsecurity/appsec-virtual-patching  ✔️  enabled  7.4      /etc/crowdsec/collections/appsec-virtual-patching.yaml 
 crowdsecurity/base-http-scenarios      ✔️  enabled  1.2      /etc/crowdsec/collections/base-http-scenarios.yaml     
 crowdsecurity/caddy                    ✔️  enabled  0.1      /etc/crowdsec/collections/caddy.yaml                   
 crowdsecurity/http-cve                 ✔️  enabled  2.9      /etc/crowdsec/collections/http-cve.yaml                
 crowdsecurity/linux                    ✔️  enabled  0.3      /etc/crowdsec/collections/linux.yaml                   
 crowdsecurity/sshd                     ✔️  enabled  0.7      /etc/crowdsec/collections/sshd.yaml                    
 crowdsecurity/whitelist-good-actors    ✔️  enabled  0.2      /etc/crowdsec/collections/whitelist-good-actors.yaml

 crowdsecurity/appsec-generic-rules     ✔️  enabled  1.0      /etc/crowdsec/collections/appsec-generic-rules.yaml    
 crowdsecurity/appsec-virtual-patching  ✔️  enabled  7.4      /etc/crowdsec/collections/appsec-virtual-patching.yaml 
 crowdsecurity/base-http-scenarios      ✔️  enabled  1.2      /etc/crowdsec/collections/base-http-scenarios.yaml     
 crowdsecurity/caddy                    ✔️  enabled  0.1      /etc/crowdsec/collections/caddy.yaml                   
 crowdsecurity/http-cve                 ✔️  enabled  2.9      /etc/crowdsec/collections/http-cve.yaml                
 crowdsecurity/linux                    ✔️  enabled  0.3      /etc/crowdsec/collections/linux.yaml                   
 crowdsecurity/sshd                     ✔️  enabled  0.7      /etc/crowdsec/collections/sshd.yaml                    
 crowdsecurity/whitelist-good-actors    ✔️  enabled  0.2      /etc/crowdsec/collections/whitelist-good-actors.yaml

and lastly my /etc/crowdsec/acquis.d/appsec.yaml file

listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/appsec-default
name: caddy-appsec
source: appsec
labels:
  type: appsec

listen_addr: 0.0.0.0:7422
appsec_config: crowdsecurity/appsec-default
name: caddy-appsec
source: appsec
labels:
  type: appsec

Caddy Appsec

Similar Threads

Caddy Appsec

Similar Threads

Similar Threads

Similar Threads