Selfhosted cloudflare tunnel + crowdSec?
Hi
Before cloudflare tunel i was using crowSed alone but i set cloudflare tunnel to hide my public IP and filter request before hit my server with CF policies
I'm not a expert , but i have somes self hosted service can acces on the web with cloudflare tunnel.
It's working , i add some policies to autorize only IP from my country.
Now, i would like to add crowdSec with cloudflare tunnel
Something like this ?
internet -> cloudflare -> myserver -> crowdsec -> reverse proxy -> my service
Why ? Because CF policies allow every IPs from my country , so it's nice to block all other but not perfect
I see this : https://docs.crowdsec.net/u/bouncers/cloudflare-workers , i have free plan, idk if its working well for this case
CrowdSec Cloudflare Worker | CrowdSec
📚 Documentation
5 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Hi. I also interested in this. Can I ask why cloudflare tunnel alone is not enough? Because you're using it with a reverse proxy and crowdsec which make me feel overwhelmed
I'm not an expert , but i think it's two different use case crowsec can analyze the ip+ queries and block it if needed, cloudflare is more like a true/false firewall only with ip and custom static rules
So instead of let that malicious actor come through cloudflare and blocked in your device (crowdsec firewall bouncer). We put those blocklist on cloudflare to block them as first. Right?
Yes