Nginx bouncer ban type

Does the Nginx boucer bans the connection at the webserver level or at ip table level?

I have cloudflare → nginx (crowdsec bouncer) → website, I have it configured so at the log level in nginx I get the real IP and not the cloudflare IP. So the bouncer and crowdsec see the real IP and not the cloudflare proxy IP, and it bans the real IP.

I know there is a bouncer for cloudflare but I prefer this way


Nginx bouncer does at the webserver level, so that if your x-forwarded-for is correctly configured, it will block on the real ip, not cf’s proxy ip :slight_smile: