CrowdSec•3w ago

LAPI whitelist

Hi, I have at least 60 servers running CrowdSec, all connected to a single LAPI. They are trying to ban an IP that I want to whitelist. I need to manage the whitelist centrally on the LAPI, because it's not practical to update all 60 servers individually. On the LAPI, I tried the following postoverflow configuration: name: custom-gocache-whitelist description: "Whitelist GoCache IPs" whitelist: reason: "GoCache IP ranges" expression: - "any(File('gocache_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP, #) })" data: - source_url: https://raw.githubusercontent.com/Apiki/wphost/refs/heads/master/gocache-ips.txt dest_file: gocache_ips.txt type: string But it's not working — IPs from this range are still being banned.

9 Replies

CrowdSec•3w ago

Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

iiamloz•3w ago

Postoverflows have the same constraint as parser whitelist they have to be deployed on every machine. You should use allowlist instead https://docs.crowdsec.net/docs/next/cscli/cscli_allowlists/

cscli allowlists | CrowdSec

cscli allowlists

Mesaque SilvaOP•3w ago

running allowlist on LAPI will work as expected? every ban send by servers will not go to bouncers and etc?

iiamloz•3w ago

Allowlist stops a decision being made so yes it stops making one so never makes it to bouncers So in short yes allowlist are the centrally managed systems for a single LAPI

Mesaque SilvaOP•3w ago

FATA[05-08-2025 21:47:00] unknown command "allowlists" for "cscli"
4af4ec9767cc:/# crowdsec --version 2025/08/05 21:48:33 version: v1.5.4-e4dcdd25728b914823525f1efabf18d5c454902b 2025/08/05 21:48:33 Codename: alphaga 2025/08/05 21:48:33 BuildDate: 2023-09-20_12:18:33 2025/08/05 21:48:33 GoVersion: 1.20.8 2025/08/05 21:48:33 Platform: docker 2025/08/05 21:48:33 libre2: C++ 2025/08/05 21:48:33 Constraint_parser: >= 1.0, <= 2.0 2025/08/05 21:48:33 Constraint_scenario: >= 1.0, < 3.0 2025/08/05 21:48:33 Constraint_api: v1 2025/08/05 21:48:33 Constraint_acquis: >= 1.0, < 2.0 is there any risk on upgrading crowdsec?

iiamloz•3w ago

The only issue is you need to update all LAPI and machines at the same time, as your version is quite far behind and is not receving any detection updates anymore.

thatwhiff•3w ago

Hey, quick question how many versions behind the latest can we be and still receive detection/security updates? For example, if I’m on 1.6.9 and the latest is 1.6.11, would I still get the updates, or is there a specific cutoff point for support? I know staying on the latest is ideal, just asking out of curiosity.

iiamloz•3w ago

In terms of the hub, you do not get any updates unless you are on latest unless we backport the changes but we rarely do this unless its a critical bug in a parser/scenario that needs to be addressed. That said we typically say we support the last 2 versions so atm its 1.6.9+ but its contradicts how we currently manage the hub.

thatwhiff•3w ago

Ok Got it

Gaming

Programming

LAPI whitelist

Did you find this page helpful?