Hello everyone,
Could you please tell me how to add a specific request to the CrowdSec whitelist? I couldn’t quite figure out from the documentation if this is possible.
Example request:
POST /api/v4/protocol/create HTTP/2.0
Yes, this is possible, but you want to whitelist all IPs that match this specific pattern?
For example:
# /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml
name: my/api-whitelist
description: "Whitelist events for my api"
filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
whitelist:
  reason: "My API whitelist"
  expression:
    - evt.Meta.http_status == '200' && evt.Meta.http_verb == 'POST' && evt.Parsed.request contains '/api/v4/protocol/create'
Change the http_status if 200 is not correct.
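An added example (not part of the reply above and not CrowdSec code): a Python sketch that mirrors the whitelist expression against constructed access-log lines, to check which requests the rule actually covers before deploying it. The log format, the regex, the `create_batch` endpoint and the stricter `strict_rule` variant are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (documentation IPs), not real traffic.
SAMPLE_LINES = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "POST /api/v4/protocol/create HTTP/2.0" 200 512',
    '203.0.113.11 - - [01/Jan/2025:10:00:01 +0000] "POST /api/v4/protocol/create?id=7 HTTP/2.0" 200 512',
    # Hypothetical neighbouring endpoint that shares the same prefix.
    '203.0.113.12 - - [01/Jan/2025:10:00:02 +0000] "POST /api/v4/protocol/create_batch HTTP/2.0" 200 90',
    '203.0.113.13 - - [01/Jan/2025:10:00:03 +0000] "GET /api/v4/protocol/create HTTP/2.0" 200 512',
    '203.0.113.14 - - [01/Jan/2025:10:00:04 +0000] "POST /api/v4/protocol/create HTTP/2.0" 403 64',
]

# Assumed log layout: ip, ident, user, [time], "VERB request HTTP/x", status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<verb>\S+) (?P<request>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

WHITELISTED_PATH = "/api/v4/protocol/create"


def parse(line):
    """Return the fields the whitelist expression uses, or None if unparsable."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def page_rule(evt):
    """Mirror of the expression above: status 200, POST, substring match."""
    return (evt["status"] == "200" and evt["verb"] == "POST"
            and WHITELISTED_PATH in evt["request"])


def strict_rule(evt):
    """Hypothetical tighter variant: the path (query ignored) must match exactly."""
    return (evt["status"] == "200" and evt["verb"] == "POST"
            and urlsplit(evt["request"]).path == WHITELISTED_PATH)


def whitelisted_ips(rule, lines=SAMPLE_LINES):
    """Source IPs of the sample events that the given rule would whitelist."""
    events = filter(None, map(parse, lines))
    return [e["ip"] for e in events if rule(e)]


if __name__ == "__main__":
    print("contains match:", whitelisted_ips(page_rule))
    print("exact path    :", whitelisted_ips(strict_rule))
```

The substring match also covers the neighbouring `create_batch` endpoint, while the exact-path variant covers only the intended one.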
I want to allow all IP addresses in the whitelist. Also, could you recommend the best practice if I need to add another rule in the future? Should I update this configuration or create a new one? Could you also provide an example of how it would look? Thank you in advance.