C
CrowdSec2d ago
Muffin.

Question about Caddy & Caddy Bouncer

I'm trying to use https://github.com/hslatman/caddy-crowdsec-bouncer with my caddyfile in order to block malicious IPs, however when I attempted to block my own IP (for testing purposes) I was still able to access the site. Am I doing something wrong? I also have the caddy logs parser as well https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/caddy-logs and I also added Cloudflares IPs under trusted_proxies and it does show my IP correctly in the caddy log under X-Forwarded-For so I'm not sure as to why IPs aren't being blocked. I also ran tail /var/log/caddy/caddy.log | head -n 20 | cscli explain -f- --type caddy -v and it did indicate it was able to parse the log, I can provide a log file of it in DMs if need be 
(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}
(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}
GitHub
GitHub - hslatman/caddy-crowdsec-bouncer: A Caddy module that block...
A Caddy module that blocks malicious traffic based on decisions made by CrowdSec. - hslatman/caddy-crowdsec-bouncer
Collections, AppSec Rules & Configurations | CrowdSec Hub
Manage collections, configurations, remediation components, and AppSec rules with CrowdSec Hub. Streamline security with tools and integrations for enhanced protection.
1 Reply
CrowdSec
CrowdSec2d ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️

Did you find this page helpful?