Question about Caddy & Caddy Bouncer

I'm trying to use https://github.com/hslatman/caddy-crowdsec-bouncer with my caddyfile in order to block malicious IPs, however when I attempted to block my own IP (for testing purposes) I was still able to access the site. Am I doing something wrong?

I also have the caddy logs parser as well https://app.crowdsec.net/hub/author/crowdsecurity/log-parsers/caddy-logs and I also added Cloudflares IPs under trusted_proxies and it does show my IP correctly in the caddy log under

X-Forwarded-For

X-Forwarded-For

so I'm not sure as to why IPs aren't being blocked.

I also ran

tail /var/log/caddy/caddy.log | head -n 20 | cscli explain -f- --type caddy -v

tail /var/log/caddy/caddy.log | head -n 20 | cscli explain -f- --type caddy -v

and it did indicate it was able to parse the log, I can provide a log file of it in DMs if need be

(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}

(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}

GitHub

GitHub - hslatman/caddy-crowdsec-bouncer: A Caddy module that block...

A Caddy module that blocks malicious traffic based on decisions made by CrowdSec. - hslatman/caddy-crowdsec-bouncer

Collections, AppSec Rules & Configurations | CrowdSec Hub

Manage collections, configurations, remediation components, and AppSec rules with CrowdSec Hub. Streamline security with tools and integrations for enhanced protection.

CrowdSec•5mo ago•

6 replies

Muffin.

Question about Caddy & Caddy Bouncer

X-Forwarded-For

X-Forwarded-For

so I'm not sure as to why IPs aren't being blocked.

I also ran

tail /var/log/caddy/caddy.log | head -n 20 | cscli explain -f- --type caddy -v

tail /var/log/caddy/caddy.log | head -n 20 | cscli explain -f- --type caddy -v

and it did indicate it was able to parse the log, I can provide a log file of it in DMs if need be

(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}

(logging) {
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
        format json
    }
}

{
    debug
    crowdsec {
        api_url http://localhost:8080
        api_key KEY
        ticker_interval 15s
        appsec_url URL
    }
}

cdn.domain.com {
    import logging
    route {
        crowdsec
        appsec
        root * /srv/directory/images
        file_server browse
    }
}

ava.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:3002 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}


pg.domain.com {
    import logging
    route {
        crowdsec
        appsec
        reverse_proxy 127.0.0.1:8085 {
            trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 \
                            141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 \
                            197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 \
                            104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        }
    }
}

GitHub

GitHub - hslatman/caddy-crowdsec-bouncer: A Caddy module that block...

A Caddy module that blocks malicious traffic based on decisions made by CrowdSec. - hslatman/caddy-crowdsec-bouncer

Collections, AppSec Rules & Configurations | CrowdSec Hub

Manage collections, configurations, remediation components, and AppSec rules with CrowdSec Hub. Streamline security with tools and integrations for enhanced protection.

Question about Caddy & Caddy Bouncer

Question about Caddy & Caddy Bouncer

Similar Threads

Similar Threads

Similar Threads