403 on cloudfront

Trying to install crowdsec by container I fail at the first start with a 403

Mar 19 11:16:52 R1-pve.rocky9-pve.org crowdsec1[27844]: time="19-03-2024 10:16:52" level=fatal msg="Failed to get Hub index : failed to download index: bad http code 403 while requesting https://hub-cdn.crowdsec.net/v1.5.4/.index.json"

I think that it is recent, do you have some issue on cloudfront, if I go myself to the URL indeed I have a 403 from cloudfront

fixed thanks


FATA[2024-03-26T16:42:06Z] failed to update hub: bad http code 403 for https://hub-cdn.crowdsec.net/master/.index.json 
dpkg: error processing package crowdsec (--configure):
 installed crowdsec package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

We have a rate limits on the hub cloudfront address do you have any other deployments using the same IP address?

I’m deploying VM’s in a cluster under the same IP address. Rate limiting is probably what happened. But I would have expected a 429 error and not 403? Is there any details on the rate limit?

Cloudfront doesnt handle the response, the response comes from AWS WAF which only has a 403 response code option.

I am a developer and an integrator, so I could have some works and some instances running, however the level is really low if it is this reason to trigger a limit


We’re trying to deal with some broken setups that keep downloading hub files in a loop, leading to unwanted infrastructure load & cost. We’re looking to lighten the scenarios a bit not to impact legit users managing clusters exiting through the same IP, while looking for a more long-term solution.

Thanks for your patience :slight_smile:

1 Like
Apr 09 14:20:37 R2-pve.rocky9-pve2.org agent@crowdsec1[8111]: Running: cscli  parsers install "crowdsecurity/docker-logs"
Apr 09 14:20:38 R2-pve.rocky9-pve2.org agent@crowdsec1[8111]: time="2024-04-09T12:20:38Z" level=fatal msg="error while installing 'crowdsecurity/docker-logs': while downloading crowdsecurity/docker-logs: bad http code 403"

Got this today, I do not know if it is related

related @iiAmLoz @thibault

╰─➤  curl -k https://hub-cdn.crowdsec.net/v1.5.4/.index.json 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
Generated by cloudfront (CloudFront)
Request ID: sw8e-Y-Z8Efp2Ft0ectnBFaF9V5ifUWOI_8M1CnuuEgmhbPx0Z6fQw==

Hey I can see you also posted in discord can you reach out to me in DM’s im under the same name

1 Like

honestly, I do not like discord…and login to read is so boring, I love open talk in an open world

I can confirm it is my external ip that is blocked :stuck_out_tongue:

When I go to tethering I can do the curl CLI

All good open world is fine too, sometimes I forget to look outside :laughing:

To update this thread with the information, the user IP address was blocked due to excessive download of the geo ip database. So if you are running individual nodes this may happen, if you are on a cluster and can share the data volume this would be best.

1 Like

yep will try, to be honest I was working to validate some UI properties, I do triggered plenty of time the services and I might have installed some crowdsec instances but I do not think it was abused (from my point of view of course)

each crowdsec container mounts its data under a volume