Caddy Appsec
Hi!
I have setup crowdsec with https://github.com/hslatman/caddy-crowdsec-bouncer.
But im not sure if appec is working as it should, have I missed anything?
In my caddy config I have
These are my collections
and lastly my /etc/crowdsec/acquis.d/appsec.yaml file
8 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve
© Created By WhyAydan for CrowdSec ❤️
Caddy configuration
if useful https://www.crowdsec.net/blog/secure-caddy-crowdsec-remediation-waf-guide but the TLDR is, the module introduces a new keyword called "appsec" like the "crowdsec" keyword so you must also put this in your crowdsec block @DJKatastrof
Secure Caddy with CrowdSec: Remediation and WAF Guide
Learn how to secure Caddy with CrowdSec using the Remediation and AppSec components. Step-by-step setup for blocking threats and logging traffic.
I'll try and see 🙂
another question, i just enrolled my instance. But on app.crowdsec.net its only showing 4 scenarios. If i type cscli scenarios list I can see 100 scenarios. Does it take time to sync maybe?
Becuase alerts is not syncing as well. Maybe the caddy bouncer dont provide that info?
@hslatman maybe you can help me out here 😅 thanks
on community plan we only sync meta data like that every 2 hours.
make sure you are persisting the
/etc/crowdsec
directory as that holds the enrollment information, if you dont and do a restart/destroy then the console wont know its the same instance.Cool, thanks! Does enrolling to console require local API? If my crowdsec docker in a multiserver env?
nevermind, i figured that you need to enrol the lapi server, not the other way around, thanks!
Yes as the LAPI is the main one talking to CAPI, the rest dont need to have the LAPI running
Resolving Caddy Appsec
This has now been resolved. If you think this is a mistake please run
/unresolve