Hello,
we had repeatingly some false positves, IPs that were blocked upon decision “LePresidente/http-generic-401-bf”.
Where does this decision/role come from? I did not select the repository “LePresidente” when installing crowsec. And how can I remove this pattern? I found who to unblock the IP/decision on the host, but I don’t want to have the reason “LePresidente/http-generic-401-bf” installed.
Can someone explain please, what it does?
I also marked as “false positive” in the backend…
Thanks!