Servers IP Banned, cannot access decisions due to JWT error

Hi,

So my whitelist of local IPs did not seem to work properly. That itself is not the issue; the issue is that I cannot seem to delete the decision. This has happened before and I was able to delete it as normal, but now it throws FATA unable to retrieve decisions: performing request: Get "http://crowdsec:8080/v1/alerts?has_active_decision=true&include_capi=false&limit=100": could not get jwt token: Post "http://crowdsec:8080/v1/watchers/login": dial tcp <ip>:8080: connect: connection refused or just straight up crashes the Docker container. Running it from inside the container also does not work. The LAPI key is up to date in the .env file and I can access other things like bouncers. Any ideas on how to remediate?

When a decision against an IP blocks access to the LAPI, you need to temporarily disable the remediation component that is enforcing the decision (in this case it is most likely the firewall bouncer), so run:

systemctl stop crowdsec-firewall-bouncer.service

Then, once the firewall remediation is stopped, you can do the cscli decisions delete command. If you are running multiple CrowdSecs to a single LAPI then it is best to run these commands on the main LAPI itself.
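
The sequence from the reply above as one function, added here as an example and not part of the original thread. It assumes a systemd host with the unit name given in the reply; the function name `unban_ip` is hypothetical, and starting the bouncer again afterwards is an added step that follows from "temporarily".

```shell
#!/usr/bin/env bash
# Added example: remove a CrowdSec decision that locks a host out of its own LAPI.
# Assumption: systemd host, firewall bouncer unit named as in the reply above.

BOUNCER_UNIT="crowdsec-firewall-bouncer.service"

# unban_ip <ip>: stop the bouncer, delete decisions for <ip>,
# and start the bouncer again even if the delete failed.
unban_ip() {
    local ip="$1" rc=0
    if [ -z "$ip" ]; then
        echo "usage: unban_ip <ip>" >&2
        return 2
    fi

    # Stop enforcement so requests to the LAPI are no longer dropped.
    systemctl stop "$BOUNCER_UNIT" || return 1

    # Delete every active decision for this IP.
    if ! cscli decisions delete --ip "$ip"; then
        echo "failed to delete decisions for $ip" >&2
        rc=1
    # Check that nothing is still listed for it before enforcement resumes.
    elif cscli decisions list --ip "$ip" -o raw | grep -qF "$ip"; then
        echo "a decision for $ip is still present" >&2
        rc=1
    fi

    # Resume enforcement; a host left without its bouncer is unprotected.
    systemctl start "$BOUNCER_UNIT" || rc=1
    return "$rc"
}

# Run as root on the machine hosting the LAPI, e.g.: ./unban.sh 192.0.2.10
if [ "$#" -gt 0 ]; then
    unban_ip "$1"
fi
```

A non-zero return means the decision may still be active, so fix the whitelist before relying on the bouncer again.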