How to manage two bouncers ?
Hello, I have a LAMP web server with two bouncers. The first one is crowdsec-firewall-bouncer, which blocks IP addresses at the system level, and the second one is the PHP bouncer, which handles the captcha part.
Right now I have an issue: when someone gets banned, it’s handled by the firewall bouncer. However, I would like it to be handled by the PHP bouncer instead, so that the user can see the ban.html page.
How can I configure it so that all HTTP requests are processed by the PHP bouncer, while everything else is still handled by the firewall bouncer?
8 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve© Created By WhyAydan for CrowdSec ❤️
most golang remediations allow defining this yaml key:
so any scenarios not containing that keyword will be used, other than that would be setting the remeidation into ipset mode and crafting your own iptables rules.
Super, thank you very much Loz. I also have another issue, so I’ll take advantage of this discussion to ask my question: When I get banned, I do see the ban.html page right away, but when I unban myself, it takes 1 to 2 minutes before I can access the website again. Yet, I am in live mode in the PHP bouncer settings. Do you know why?
maybe cache somewhere, cause most cases even in live we have a little bit of cache
cause when the php returns, I guess it does not set the no cache headers so if your apache is doing caching it might be that also 🤷 i am not a php guy 😄
Hahaha, thank you for your help. By any chance, do you know the person who made the PHP bouncer? Because I’d like to talk with them. I noticed that by default, the template for displaying the ban.html page doesn’t include information about the IP address or the reason for the ban. I managed to hack something together to display the IP address, but I’m unable to retrieve the trigger scenario of the alert.
This is in the context of modifying the ban.html page to make it clearer for our clients. The goal is that if there is a false positive, the client can send us the content of the code block I’m setting up, which contains their IP and the banning scenario.
Its an external contractor who looks after it, my recommendation is to open an issue on the repo, they are quite responsive. They are in this discord but I forget the handle.
okay thx @iiamloz
Resolving How to manage two bouncers ?
This has now been resolved. If you think this is a mistake please run
/unresolve