Best way to add dynamic UptimeRobot IP whitelist in CrowdSec?
Hi all, I have a question about handling allowlists/whitelists in parsers.
I’d like to whitelist the IPs from UptimeRobot (list here: https://cdn.uptimerobot.com/api/IPv4andIPv6.txt).
I see in the docs that data: can be used in a parser definition like this:
data:
- source_url: https://URL/TO/FILE
dest_file: LOCAL_FILENAME
type: (regexp|string)
But the docs mention this only works when the parser is installed from the hub via cscli, otherwise the file needs to be manually downloaded.
So my questions are:
Is it better to add the s02-enrich parser to add this whitelist file with ips
Should I rather create a postoverflow whitelist that downloads and refreshes this IP list daily?
Or use allowlist to update the IPs but i suppose the ip's are nt updated by default in that from the url
If the first option: will CrowdSec auto-refresh the list from the source_url, or do I need to schedule a cron/wget to update dest_file manually?
Basically: what’s the best practice for maintaining a dynamic whitelist like this?
Or better if crowdsec team can add the ips in Hub so that we dont have to update the lists on our own
3 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve© Created By WhyAydan for CrowdSec ❤️
But the docs mention this only works when the parser is installed from the hub via cscli, otherwise the file needs to be manually downloaded.We need to update this. In the later versions you can define your own data and it will download it automatically. However, there is a caveat, if the server does not send a modification time header then we do not know when the file was updated so by default if this is not supplied it will be updated every 7 days. You can however, use the allowlist feature and write a small bash script to automate this. I wrote one for a user that wanted to update their dynamic IP so you can get some inspiration from that https://github.com/crowdsecurity/crowdsec/issues/3708#issuecomment-3018186351
GitHub
cscli allowlists should support FQDN for dynamically changed addres...
What would you like to be added? /kind enhancement cscli allowlists add my-private-address-list my-fqdn.tld -d 'home address list dynamic' Why is this needed? Right now cscli allowlist allo...
Resolving Best way to add dynamic UptimeRobot IP whitelist in CrowdSec?
This has now been resolved. If you think this is a mistake please run
/unresolve