Ban escalation time

Hello there, I would like to add a ban time escalation every time an attack attempt comes in from the banned IP address and extends it’s expiration time. I know that this can be defined in profiles.yaml file, but I don’t exactly sure how that will look like. Does it has to be written in Go? Or is there something that I am missing?

Any source that I can refer to, would be much appreciated.

Thank you.

Hi @ayucel,

You can achieve it by following the doc: Format | CrowdSec

The expression will generate a Golang duration and replace the default decision duration. So you need to be careful that your expression generates a valid duration. You have an example in the documentation that shows you how to do it.

1 Like

Hey @he2ss,

Thank you for the help.

Won’t the expression lead to an overflow, exceeding maximum value ?

Hi, depends on the duration expression you will write. But if it starts with a small ban duration, you will probably not exceed the maximum because the attacker will stop attacking before (if he bans for 1 week for example).

1 Like