I solved it for me by using mod_realip in nginx. But this is a general parsing issue. I know of parsers for fail2ban testing for the later IP in favor of the first one and using it for processing if available.