Hello there, I would like to add a ban time escalation every time an attack attempt comes in from the banned IP address and extends its expiration time. I know that this can be defined in the profiles.yaml file, but I'm not exactly sure what that will look like. Does it have to be written in Go? Or is there something that I am missing?
Any source that I can refer to, would be much appreciated.
You can achieve it by following the doc: Format | CrowdSec
The expression will generate a Golang duration and replace the default decision duration. So you need to be careful that your expression generates a valid duration. You have an example in the documentation that shows you how to do it.
Won’t the expression lead to an overflow, exceeding the maximum value?
Hi, it depends on the duration expression you write. But if it starts with a small ban duration, you will probably not exceed the maximum, because the attacker will stop attacking before then (if he is banned for 1 week, for example).
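The overflow question above, worked through as an added example (not part of the original thread and not CrowdSec's own code). It assumes a linear escalation of the form `Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)` in `duration_expr` and that the resulting string is parsed like Go's `time.ParseDuration`; the function names and the one-week cap are hypothetical.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// banDuration mimics the assumed duration_expr
// Sprintf('%dh', (GetDecisionsCount(ip) + 1) * baseHours)
// and parses the result as a Go duration string.
func banDuration(priorDecisions, baseHours int64) (time.Duration, error) {
	return time.ParseDuration(fmt.Sprintf("%dh", (priorDecisions+1)*baseHours))
}

// firstOverflow returns the smallest number of prior decisions at which
// the generated string no longer fits in a time.Duration (int64 nanoseconds).
func firstOverflow(baseHours int64) int64 {
	maxHours := math.MaxInt64 / int64(time.Hour) // 2562047h, about 292 years
	return maxHours / baseHours
}

// cappedBanDuration (hypothetical helper) clamps the escalation to limit,
// which also covers the case where the string fails to parse.
func cappedBanDuration(priorDecisions, baseHours int64, limit time.Duration) time.Duration {
	d, err := banDuration(priorDecisions, baseHours)
	if err != nil || d > limit {
		return limit
	}
	return d
}

func main() {
	week := 7 * 24 * time.Hour
	for _, n := range []int64{0, 1, 5, 50, firstOverflow(4)} {
		d, err := banDuration(n, 4)
		fmt.Printf("prior=%d raw=%v err=%v capped=%v\n", n, d, err, cappedBanDuration(n, 4, week))
	}
}
```

With a 4-hour step the generated string only stops being a valid duration after several hundred thousand prior decisions for the same IP, while a steeper expression reaches that limit sooner, which is why a cap is worth considering.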