Whitelist user agent and regex expression

Foxinou35 · November 5, 2021, 7:44am

Hi Thibault

time="04-11-2021 11:55:47" level=info msg="Ip 34.245.204.174 performed 'crowdsecurity/http-probing' (13 events over 1m33.240032522s) at 2021-11-04 11:55:47.849649143 +0000 UTC m=+73604.010430156"
time="04-11-2021 11:55:48" level=info msg="(3c1f443a494fb47370e37e34680787eerc0sj7zOceruPRSl/crowdsec) crowdsecurity/http-probing by ip 34.245.204.174 (IE) : 4h ban on Ip 34.245.204.174"

There should be more logs ?

The yaml file is located in /etc/crowdsec/parsers/s02-enrich/

name: crowdsecurity/totoscraper
description: "Whitelist events from toto scraper"
whitelist:
  reason: "toto scraper"
  expression:
   - evt.Parsed.http_user_agent matches "Toto-Scraper/.* Acme \\(https://www.acme.com/en/digital-website\\)"

ua exemple :

Toto-Scraper/1.2.5 Acme (https://www.acme.com/en/digital-website)

Thanks

Topic		Replies	Views
Best way to whitelist http request crowdsec	3	525	May 28, 2024
Whitelist User Agent crowdsec	9	1828	February 28, 2022
Adding exceptions for allowed 404 errors crowdsec	11	1902	May 6, 2022
Help with whitelist rules - expression with portion of URL	10	3486	November 10, 2020
"not in" on scenarios filter crowdsec	2	569	November 16, 2022

Whitelist user agent and regex expression

Related topics