Crowdsec-blocklist-mirror can't access blocklist

1

I have crowdsec-blocklist-mirror running on an Ubuntu 22.04 server, logs look good, I can access the block list on the local machine using “http://localhost:41412/security/blocklist”, but can’t access it using “http://ipaddresss:41412/security/blocklist” from neither the local machine or other computers on the network. My pfSense firewall running on a separate computer is setup to read the list and add the IPs to it’s own firewall rule block list, but of course can’t retrieve the list due to this issue.

What am I missing?

Here are the logs:

time="30-09-2023 12:24:07" level=info msg="config is valid"
time="30-09-2023 12:24:07" level=info msg="Using API key auth"
time="30-09-2023 12:24:07" level=info msg="serving blocklist in format plain_text at endpoint /security/blocklist"
time="30-09-2023 12:24:07" level=info msg="Enabling metrics at endpoint '/metrics' "
time="30-09-2023 12:24:07" level=info msg="Starting server at 127.0.0.1:41412"
time="30-09-2023 12:37:47" level=info msg="received 21930 new decisions"
time="30-09-2023 12:37:57" level=info msg="received 14255 new decisions"
time="30-09-2023 13:15:09" level=info msg="config is valid"
time="30-09-2023 13:15:09" level=info msg="Using API key auth"
time="30-09-2023 13:15:09" level=info msg="serving blocklist in format plain_text at endpoint /security/blocklist"
time="30-09-2023 13:15:09" level=info msg="Enabling metrics at endpoint '/metrics' "
time="30-09-2023 13:15:09" level=info msg="Starting server at 127.0.0.1:41412"
time="30-09-2023 13:15:10" level=info msg="received 36179 new decisions"
time="30-09-2023 13:28:39" level=info msg="config is valid"
time="30-09-2023 13:28:39" level=info msg="Using API key auth"
time="30-09-2023 13:28:39" level=info msg="serving blocklist in format plain_text at endpoint /security/blocklist"
time="30-09-2023 13:28:39" level=info msg="Enabling metrics at endpoint '/metrics' "
time="30-09-2023 13:28:39" level=info msg="Starting server at 127.0.0.1:41412"
time="30-09-2023 13:28:39" level=info msg="received 36179 new decisions"

Here is my config file:

config_version: v1.0
crowdsec_config:
  lapi_key: *key generated using instructions on crowdsec website*
  lapi_url: http://127.0.0.1:8080
  update_frequency: 10s
  include_scenarios_containing: []
  exclude_scenarios_containing: []
  only_include_decisions_from: []
  insecure_skip_verify: false

blocklists:
  - format: plain_text # Supported formats are either "plain_text" or "mikrotik"
    endpoint: /security/blocklist
    authentication:
      type: none # Supported types are either "none", "ip_based" or "basic"
      user:
      password:
      trusted_ips: # IP ranges, or IPs that don't require auth to access this blocklist
        - 127.0.0.1
        - ::1

listen_uri: 127.0.0.1:41412
tls:
  cert_file:
  key_file:

metrics:
  enabled: true
  endpoint: /metrics

# logging configuration
log_media: file
log_dir: /var/log/
log_level: info
log_max_size: 40
log_max_age: 30
log_max_backups: 3
compress_logs: true
# enable access log of the HTTP server
enable_access_logs: true
2

Your listen address is listen_uri: 127.0.0.1:41412 which means only localhost can have access change it to listen_uri: 0.0.0.0:41412 for it to bind to all addresses including the internal IP.

If you want to only bind to a specific interface change 0.0.0.0 to the IP.

3

Dang, that was staring me in my face! Thanks for pointing it out, working now.