I’m brand new to Crowdsec, a potential user rather than a current user. I set CS up on my new Ubuntu 20.04 web server in AWS (replacing an Amazon Linux server) but then removed it because I couldn’t find a bouncer I needed. I also noticed CS being fairly new isn’t as well documented as it will eventually be, particularly around bouncers.
I had wanted to use a bouncer that updated the Cloudflare firewall for the five sites on my server (i.e. that means five different firewalls). The Cloudflare bouncer looks to use the old database model rather than the new API model, so I’m not confident it will actually work and I don’t want to spend the time if it’s not likely to work. The tutorials I found mostly seem to skip bouncers as well. I already have fail2ban set up to update the Cloudflare firewall.
I’d like to give Crowdsec another go rather than going back to fail2ban if someone can give me a bit of guidance, as it seems a better option going forward.
My Configuration and Use Case
I have three low-volume WordPress websites and one custom PHP website on their own domains, all served using Nginx on one server with no load balancer. The sites are proxied using Cloudflare, and I use AWS security groups so that only Cloudflare and my static IP can directly reach the server. I don’t currently use iptables. Each website has its own Nginx logfile. I generally prefer to do things in Nginx rather than WordPress, as it’s much more efficient than having to start a PHP thread, which is much slower and still takes significant resources.
Questions
- Is Crowdsec mature and flexible enough for production web servers?
- Is there a working Cloudflare bouncer? If so, is Crowdsec / the bouncer able to determine which of the five sites in my Cloudflare account it needs to add an IP ban to, based on which log file it got the IP from? Banning from each of the five Cloudflare firewalls would also be fine.
- If there’s no Cloudflare bouncer that meets my needs would the best approach be the Nginx bouncer? That’s currently at v0.0.4 which doesn’t inspire confidence that it’s working and easy to configure. Is that bouncer working and effective?
- Will the iptables bouncer work given that all of the requests are routed via Cloudflare? My understanding of iptables is that it’s more TCP-level than request-level. Or is there some kind of logic that can make this work?
Thanks for any thoughts or suggestions.