Disable CSAPI upload due to removed whitelists

I must disable one of the cidr (10/8) from parsers/s02-enrich/whitelists.yaml because I do want them to be reported and acted upon. They can be source of spread in internal huge network upon possible attack.

My question is:

  1. how can I disable CSAPI upload, to not polute it?
    a. completly?
    b. selectively only for those in 10/8
  2. as I plan to get update from CSAPI, removing online_client: from config.yaml is rather not an option.

Please advise.


It is not possible to not share signal with the Crowdsec Central API and get the community-blocklist for it.
It is ok for us to send signal about those privates IPs, you should not worry about poluting us.

Thank you kindly for reply!

One more question around this: documentation at Introduction | CrowdSec states " This information is only going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed"

I did modified


which came from hub, judging from the logs, signals are being pushed to CSAPI.

  1. is this a bug?
  2. is documentation incorrect?
  3. is signal being push message in logs correct?

Hi @rdslw,

There is no bug, it’s only about scenarios. You modified a parser so it will be still pushed.
So the documentation is correct :slight_smile:


What does “this information” mean in the documentation in the sentence I quoted? what is or is not being pushed based on scenario being/not being modified?

This information, means the signal meta-data that is pushed. In the same documentation link you pasted, there is all the meta-data listing :

When crowdsec blocks an attack, unless you opt-out of it, crowdsec is going to push “signal meta-data”. Those meta-data are :

  • The name of the scenario that was triggered
  • The hash & version of the scenario that was triggered
  • The timestamp of the decision
  • Your machine_id
  • The offending IP (along with its geoloc info when available)