Home Assistant companion app constantly being blocked (http-generic-403-bf)

I have set up CrowdSec in Traefik and it works great, a little bit too great.
It constantly blocks my Home Assistant companion app on a /api/webhook POST request.

/ #  cscli alerts inspect 128

################################################################################################

 - ID           : 128
 - Date         : 2025-01-19T19:35:20Z
 - Machine      : crowdsec
 - Simulation   : false
 - Remediation  : true
 - Reason       : LePresidente/http-generic-403-bf
 - Events Count : 6
 - Scope:Value  : Ip:123.456.789.012
 - Country      : NL
 - AS           : Vodafone Libertel B.V.
 - Begin        : 2025-01-19 19:35:20.543877174 +0000 UTC
 - End          : 2025-01-19 19:35:20.772911353 +0000 UTC
 - UUID         : 123456789-660c-4c07-ba6c-123456789


 - Context  :
╭────────────┬──────────────────────────────────────────────────────────────╮
│     Key    │                             Value                            │
├────────────┼──────────────────────────────────────────────────────────────┤
│ method     │ POST                                                         │
│ status     │ 403                                                          │
│ target_uri │ /api/webhook/1234567898b123456789d210d024912345678910a953 │
│            │ 043af83123456789                                            │
│ user_agent │ Home Assistant/2025.1.2-14946 (Android 14; SM-G996B)         │
╰────────────┴──────────────────────────────────────────────────────────────╯
/ #

How can I prevent this from happening again?

This scenario doesn’t trigger “from the beginning” and only acts on repeated requests with status code 403. So there must be another starting point which initially blocks your app, and 403-bf keeps preventing your app because of previous 403s. Or the app has no access to the mentioned webhook and triggers the scenario… But it’s impossible to judge from one alert only.
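
One way to look for the starting point described in the reply above, as an added example that is not part of the thread: it lists, per client IP, the first 403, the request just before it, and how the 403s are spread over method and path. It assumes Traefik writes its access log as JSON (fields `ClientHost`, `DownstreamStatus`, `RequestMethod`, `RequestPath`, `StartUTC`); the function name is hypothetical and the log lines are constructed.

```python
import json
from collections import Counter

# Constructed sample lines (not from the thread) using Traefik JSON access-log
# field names; 203.0.113.7 is a documentation address, paths are placeholders.
SAMPLE_LOG = "\n".join([
    '{"StartUTC":"2025-01-19T19:35:18Z","ClientHost":"203.0.113.7","RequestMethod":"POST","RequestPath":"/api/webhook/EXAMPLE_ID","DownstreamStatus":200}',
    '{"StartUTC":"2025-01-19T19:35:19Z","ClientHost":"203.0.113.7","RequestMethod":"GET","RequestPath":"/EXAMPLE_OTHER_PATH","DownstreamStatus":403}',
    '{"StartUTC":"2025-01-19T19:35:20Z","ClientHost":"203.0.113.7","RequestMethod":"POST","RequestPath":"/api/webhook/EXAMPLE_ID","DownstreamStatus":403}',
    '{"StartUTC":"2025-01-19T19:35:20Z","ClientHost":"203.0.113.7","RequestMethod":"POST","RequestPath":"/api/webhook/EXAMPLE_ID","DownstreamStatus":403}',
    'time="2025-01-19T19:35:21Z" level=info msg="not an access-log entry"',
    '{"StartUTC":"2025-01-19T19:35:22Z","ClientHost":"198.51.100.9","RequestMethod":"GET","RequestPath":"/","DownstreamStatus":200}',
])


def summarize_403s(log_text):
    """For each client IP that received a 403: the first 403, the last
    non-403 request before it, and 403 counts per (method, path).
    Assumes the lines are in chronological order."""
    last_other = {}   # ip -> most recent non-403 request seen so far
    report = {}       # ip -> summary, created at that IP's first 403
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            ip = entry["ClientHost"]
            status = int(entry["DownstreamStatus"])
            req = (entry["StartUTC"], entry["RequestMethod"], entry["RequestPath"])
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, or a field is missing
        if status != 403:
            last_other[ip] = req + (status,)
            continue
        summary = report.setdefault(ip, {
            "first_403": req,
            "before_first_403": last_other.get(ip),
            "counts": Counter(),
        })
        summary["counts"][req[1:]] += 1
    return report


if __name__ == "__main__":
    for ip, s in summarize_403s(SAMPLE_LOG).items():
        print(ip, "first 403:", s["first_403"], "preceded by:", s["before_first_403"])
        for (method, path), n in s["counts"].most_common():
            print(f"  {n} x 403  {method} {path}")
```

If the first 403 for the phone's IP is on a request other than the webhook POST, that request is the starting point; if it is the webhook POST itself, the app is being refused on the webhook directly.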

Please note we have updated the scenario to no longer evaluate any other requests than POST, so please update your hub and scenarios to the latest via:

cscli hub update && cscli hub upgrade

If you are running within a container environment please restart the container after these commands are run.