Why Crowdsec + Appsec in traefik not automate banned?

afrzlfa · January 2, 2025, 3:42am

Why doesn’t CrowdSec + AppSec inside the Traefik Docker make banned decisions, even though it has already triggered an alert? How can it be made to trigger the banned action?

root@CrowdSec:/# docker exec -it traefik cscli alert list
╭────┬──────────────────┬─────────────────────────────────┬─────────┬────┬───────────┬───────────────────────────────╮
│ ID │ value │ reason │ country │ as │ decisions │ created_at │
├────┼──────────────────┼─────────────────────────────────┼─────────┼────┼───────────┼───────────────────────────────┤
+0000 UTC │
│ 1 │ Ip:xx.xx.xx.xx │ crowdsecurity/vpatch-env-access │ │ │ │ 2025-01-02 03:48:10 +0000 UTC │
╰────┴──────────────────┴─────────────────────────────────┴─────────┴────┴───────────┴───────────────────────────────╯
root@CrowdSec:/# docker exec -it traefik cscli decisions list
No active decisions
root@CrowdSec:/#

iiAmLoz · January 2, 2025, 9:55am

By default the vpatch scenario needs a user to trigger 2 distinct appsec rules to get a decision, this is because we saw alot of false positive potential if a user trips up one rule.

You can change this behavior by changing capacity to 0 and this will trigger always on the first rule that get poured.

Topic		Replies	Views
Bans not activated crowdsec	1	1194	March 31, 2023
It works with a delay and doesn't ban crowdsec	8	1178	May 22, 2023
How to avoid getting alerts for IPs on subscribed blocklists? crowdsec	8	804	February 14, 2024
Crowdsec and Traefik crowdsec	7	4997	March 13, 2022
I am constantly being banned from my server crowdsec	3	2024	June 13, 2023

Why Crowdsec + Appsec in traefik not automate banned?

Related topics