Hi all.
crowdsec has a geoip-enrich parser, for geolocation detection. Can it be used to block all but the allowed countries?
Is there an example with a script?
Hi all.
crowdsec has a geoip-enrich parser, for geolocation detection. Can it be used to block all but the allowed countries?
Is there an example with a script?
This shouldn’t really be the use case for this. Since CrowdSec is reactive not proactive it means there will always be a single request that gets through.
A better fit would be to use an external firewall / application specific that can handle this.
The intended use of country was to detect DDOS from country publish a short term ban which then get handled by cloudflare bouncer (which currently is the only bouncer that support country bans)