Here a computer from country X tries to access my server. After the first access, Crowdsec says it has made a decision. Why can the computer then continue to access my server?
I have set such IPs to be banned for 24 hours. Why is this IP not banned after the first attempt?
Hi
Did you check this ? FAQ / Troubleshooting | CrowdSec
Yes, perhaps a problem with my setup
How can i remove this duplicate entrys? I took over this server and I honestly don’t know how to fix it. Removing and reinstalling didn’t help
This is a tricky question without understanding your infrastructure. It depends if you using completely blocking remediation such a firewall-bouncer or just a web server rememdiation (which can cause multiple triggers since it responds a 403 but still logs in access logs)
by your latter response I can see the firewall bouncer but are you using a upstream proxy service like cloudflare? if so this nullifies the remediation as from layer 3/4 all the firewall remediation can see is cloudflares IP.
If you wish to delete an old entry that has an old LAPI pull timestamp you copy the name property and pass it to cscli bouncers delete <name>
I’m using a firewall bouncer. and i do not use a upstrean proxy service. And thank you, the deletion of the duplicate remediation component was successfullly
