C
CrowdSec2w ago
Erik Steiner

Nextcloud client for Linux causes a ban by 'securityEngineIconhttp-crawl-non_statics'

I use the Nextcloud client to sync my local files with my Nextcloud server. This worked very well as long as I were in the same local network as the Nextcloud server. I recently moved to a new location and noticed, that crowdsec bans my IP as soon as I boot up my computer. I tracked it down to the Nextcloud Client. I reset the client and set everything up again. A few minutes, after the client began to sync all the files to this PC, the internet IP was banned again. I am looking forward to your help.
4 Replies
CrowdSec
CrowdSec2w ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
Erik Steiner
Erik SteinerOP2w ago
Erik Steiner
Erik SteinerOP2w ago
$ sudo cscli hub list | grep nextcloud
Loaded: 146 parsers, 10 postoverflows, 764 scenarios, 8 contexts, 5 appsec-configs, 125 appsec-rules, 141 collections
 crowdsecurity/nextcloud-logs        ✔️  enabled  0.4      /etc/crowdsec/parsers/s01-parse/nextcloud-logs.yaml        
 crowdsecurity/nextcloud-whitelist   ✔️  enabled  2.3      /etc/crowdsec/parsers/s02-enrich/nextcloud-whitelist.yaml  
 crowdsecurity/nextcloud-bf                        ✔️  enabled  0.3      /etc/crowdsec/scenarios/nextcloud-bf.yaml                       
 crowdsecurity/nextcloud              ✔️  enabled  0.3      /etc/crowdsec/collections/nextcloud.yaml
$ sudo cscli hub list | grep nextcloud
Loaded: 146 parsers, 10 postoverflows, 764 scenarios, 8 contexts, 5 appsec-configs, 125 appsec-rules, 141 collections
 crowdsecurity/nextcloud-logs        ✔️  enabled  0.4      /etc/crowdsec/parsers/s01-parse/nextcloud-logs.yaml        
 crowdsecurity/nextcloud-whitelist   ✔️  enabled  2.3      /etc/crowdsec/parsers/s02-enrich/nextcloud-whitelist.yaml  
 crowdsecurity/nextcloud-bf                        ✔️  enabled  0.3      /etc/crowdsec/scenarios/nextcloud-bf.yaml                       
 crowdsecurity/nextcloud              ✔️  enabled  0.3      /etc/crowdsec/collections/nextcloud.yaml
I was able to fix the problem. It was due to my setup. While crowdsecurity/nextcloud-whitelist was installed on the Nextcloud host and the requests from the Nextcloud client were on the whitelist, they were blocked on the firewall host. Accordingly, you can see that the location of the decision is localhost, which refers to the firewall. I use Caddy on both the firewall and the Nextcloud host. Requests from the internet first reach the firewall Caddy and are then forwarded to the Nextcloud Caddy. The solution was to install crowdsecurity/nextcloud-whitelist on the firewall as well.
CrowdSec
CrowdSec2w ago
Resolving Nextcloud client for Linux causes a ban by 'securityEngineIconhttp-crawl-non_statics' This has now been resolved. If you think this is a mistake please run /unresolve

Did you find this page helpful?