Server ban it self with http-crawl-non_statics error

solehf · December 1, 2021, 12:51am

Hi,
I Install crowdsec in two server. Both server have nginx + php. I already install

crowdsec firewall bouncer
crowdsec nginx bouncer

On the first server, there is no problem. But on the second server crowdsec ban it’s own public IP (http-crawl-non_statics).

I already add a new whitelist on /etc/crowdsec/parsers/s02-enrich/mywhitelist.yaml

name: crowdsecurity/whitelists
description: “Whitelist events from my ip addresses”
whitelist:
reason: “my ip ranges”
ip:
- xxx.xxx.xxx.xxx

and also add additional whitelist on /etc/rowdsec/parsers/s02-enrich/whitelist.yaml
name: crowdsecurity/whitelists
description: “Whitelist events from private ipv4 addresses”
whitelist:
reason: “private ipv4/ipv6 ip/ranges”
ip:
- “127.0.0.1”
- “::1”
cidr:
- “192.168.0.0/16”
- “10.0.0.0/8”
- “172.16.0.0/12”
- “xxx.xxx.xxx.xxx/32”
expression:
- “‘domain.com’ in evt.Parsed.requers”
- “‘api.domain.com’ in evt.Parsed.request”

When I activate crowdsec, and brows to website, it will give error 500 (I use laravel on that website).

Is there any clue to check, with my configuration ?

Best regards

klausagnoletti · December 2, 2021, 8:18pm

Hi. That sounds strange. Could you provide us with relevant logs from crowdsec as well as from nginx so we can gain insight to what’s going on?

Thanks!

solehf · December 6, 2021, 12:45am

Hi, I fix this by reinstall crowdsec.
After reinstall, everything working well.

Topic		Replies	Views
False positive with http-crawl-non_statics? crowdsec	2	2585	November 15, 2022
False bans from normal Jira usage crowdsec	8	657	February 1, 2022
Help with whitelist rules - expression with portion of URL	10	2522	November 10, 2020
Http-crawl-non_statics and Rocket.Chat crowdsec	4	248	October 30, 2023
Ipset, performance, whitelist, api, dashboard, postfix logs crowdsec	4	1000	October 16, 2020

Server ban it self with http-crawl-non_statics error

Related Topics