C
CrowdSec4w ago
Panzhunter

Bouncer isn't Bouncing

My Bouncer isn't blocking me even when I manually ban myself. Crowdsec is able to read the logs correctly and can see that I'm blocked, It's just not preventing me from accessing the site. I'm using https://github.com/ZoeyVid/NPMplus
GitHub
GitHub - ZoeyVid/NPMplus: improved fork of nginx-proxy-manager
improved fork of nginx-proxy-manager. Contribute to ZoeyVid/NPMplus development by creating an account on GitHub.
6 Replies
CrowdSec
CrowdSec4w ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Panzhunter
PanzhunterOP4w ago
Here is my crowdsec.conf file
ENABLED=true
API_URL=http://127.0.0.1:8080
API_KEY=REDACTED
CACHE_EXPIRATION=1
# bounce for all type of remediation that the bouncer can receive from the local API
BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=2500
UPDATE_FREQUENCY=10
# By default internal requests are ignored, such as any path affected by rewrite rule.
# set ENABLE_INTERNAL=true to allow checking on these internal requests.
ENABLE_INTERNAL=false
# live or stream
MODE=live
# exclude the bouncing on those location
EXCLUDE_LOCATION=
#those apply for "ban" action
# /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE
BAN_TEMPLATE_PATH=/data/crowdsec/ban.html
REDIRECT_LOCATION=
RET_CODE=
#those apply for "captcha" action
#valid providers are recaptcha, hcaptcha, turnstile
CAPTCHA_PROVIDER=
# Captcha Secret Key
SECRET_KEY=
# Captcha Site key
SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/captcha.html
CAPTCHA_EXPIRATION=3600

APPSEC_URL=http://127.0.0.1:7422
APPSEC_FAILURE_ACTION=deny
APPSEC_CONNECT_TIMEOUT=1000
APPSEC_SEND_TIMEOUT=30000
APPSEC_PROCESS_TIMEOUT=10000
ALWAYS_SEND_TO_APPSEC=false
SSL_VERIFY=true
ENABLED=true
API_URL=http://127.0.0.1:8080
API_KEY=REDACTED
CACHE_EXPIRATION=1
# bounce for all type of remediation that the bouncer can receive from the local API
BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=2500
UPDATE_FREQUENCY=10
# By default internal requests are ignored, such as any path affected by rewrite rule.
# set ENABLE_INTERNAL=true to allow checking on these internal requests.
ENABLE_INTERNAL=false
# live or stream
MODE=live
# exclude the bouncing on those location
EXCLUDE_LOCATION=
#those apply for "ban" action
# /!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE
BAN_TEMPLATE_PATH=/data/crowdsec/ban.html
REDIRECT_LOCATION=
RET_CODE=
#those apply for "captcha" action
#valid providers are recaptcha, hcaptcha, turnstile
CAPTCHA_PROVIDER=
# Captcha Secret Key
SECRET_KEY=
# Captcha Site key
SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/captcha.html
CAPTCHA_EXPIRATION=3600

APPSEC_URL=http://127.0.0.1:7422
APPSEC_FAILURE_ACTION=deny
APPSEC_CONNECT_TIMEOUT=1000
APPSEC_SEND_TIMEOUT=30000
APPSEC_PROCESS_TIMEOUT=10000
ALWAYS_SEND_TO_APPSEC=false
SSL_VERIFY=true
Loz
Loz4w ago
since you have set 
# live or stream
MODE=live
# live or stream
MODE=live
you should be able to see which IP it is checking via the logs of crowdsec
Panzhunter
PanzhunterOP4w ago
I'm able to see which IP is blocked but when I look at the logs it looks like everything is working fine. I'm even able to see my IP in 
cscli decision list
cscli decision list
2025/11/11 01:19:48 [error] 538#538: *48 [lua] live.lua:39: live_query(): failed to query LAPI http://127.0.0.1:8080/v1/decisions?ip=REDACTED IP: connection refused, client: REDACTED IP, server: REDACTED SITE, request: REDACTED SITE, host: REDACTED SITE
2025/11/11 01:19:48 [error] 538#538: *48 [lua] live.lua:39: live_query(): failed to query LAPI http://127.0.0.1:8080/v1/decisions?ip=REDACTED IP: connection refused, client: REDACTED IP, server: REDACTED SITE, request: REDACTED SITE, host: REDACTED SITE
The only thing that looks odd is the "failed to query LAPI" but when I run 
cscli lapi status
cscli lapi status
I'm able to connects uccessfully. 
Loaded credentials from /etc/crowdsec/local_api_credentials.yaml
Trying to authenticate with username localhost on http://0.0.0.0:8080/
You can successfully interact with Local API (LAPI)
Loaded credentials from /etc/crowdsec/local_api_credentials.yaml
Trying to authenticate with username localhost on http://0.0.0.0:8080/
You can successfully interact with Local API (LAPI)
Loz
Loz4w ago
Yeah so the problem is npmplus cant access the URL 127.0.0.1:8080 are you in host networking (npmplus default) and CrowdSec 8080 port is forwarded to the loopback? ref: https://github.com/ZoeyVid/NPMplus/blob/f4477ac432b57f36fbaa694a809d17b2e0d97c9f/compose.yaml#L6 https://github.com/ZoeyVid/NPMplus/blob/f4477ac432b57f36fbaa694a809d17b2e0d97c9f/compose.yaml#L99-L100 cause either these have been altered and havent been updated in the conf file OR your firewall is blocking loopback traffic which would break alot more things.
Panzhunter
PanzhunterOP4w ago
Thank you! I made that change to the ports and that seemed to fix it. Thanks again for your help!

Did you find this page helpful?