Hi,
I’m running a REST API with nginx as a reverse proxy, and users authenticate via Bearer Token in the header. Due to business logic, some API endpoints return a 404 status to indicate that an object has been deleted.
However, this leads to clients being banned by the crowdsecurity/http-probing scenario:
Take remediation against a single IP that requires multiple different (http path) pages that end up in 404/403/400.
Leakspeed of 10s, capacity of 10.
Since legitimate clients may encounter multiple 404 responses, I’m looking for a way to prevent false positives while still protecting against actual scanning attempts. What would be the best approach to handle this?
Thanks in advance!