Via the terminal with
sudo cscli decisions add -i 173.80.198.81 -R http -d 20m
I'm confused what this has to do with Cloudflare then?
I'm using crowdsec through cloudflare tunnel for my nextcloud instance that I'm self hosting
Via the crowdsec-cloudflare-bouncer
I believe I have enough space in my dashboard to allow banning for crowdsec purposes.
Managed challenge doesn't mean that connections are blocked. It means Cloudflare checks the browser but will still let it through if it passes the challenge
Oh, ok. So that means Cloudflare wouldn't ever do the blocking. My webserver would need to do that?
Cloudflare will block the connection if it fails the challenge. If you want to block connections rather than challenge change
default_action: managed_challenge
to default_action: block
Sorry, which file would I need to update that in?
Oh, I see where.
Would you say this is sufficient?
https://hastebin.com/tuxamelera.yaml
You are overriding the action in the zone section
Unless that is expected, you want to change to block as well
Boy... right there in black & white lol. Thank you. I will try this now.
Ok, made the changes to this now: https://hastebin.com/orogozaqet.yaml - Tried another test ban with
sudo cscli decisions add -i 173.80.198.81 -R http -d 20m
- but I'm still able to reach my website after a few refreshes 😦
I would check the firewall rule in Cloudflare WAF to see if it has changed from managed_challenge there
Looks like it's managed_challenge there:
Try just changing it in the WAF rule
I think I updated it correctly in the WAF rule?
Yeah that should do it
Thanks, I saved it and restarted my server. I re-banned the IP and tried accessing the site and it still loads the page 😦
Well that's weird. Some sanity checks
1. Can you see if the IP actually makes it to the list.
2. Does anything appear in the WAF log that shows the IP being allowed through
If I tail my nextcloud.log I can see the IP address hitting the server:
tbh, I'm not entirely sure how to check the WAF log.
Ok, I don't appear to see anything hit my WAF firewall logs since yesterday.
Previous 30 mins:
Alright looks like the IP is never making it to the list then. Might want to check the logs for the application that adds IPs to the list to make sure there are no errors there
Ok, not really seeing anything in my /var/log/crowdsec-cloudflare-bouncer.log file. I'm assuming this is the application that adds IPs to the list.
Quick question about the block rule. Is that function going away in the future for managed_challenge to take its place?
Block isn't going away from the Cloudflare side.
Oh, for some reason the team over at Crowdsec thought it was going away when I reached out for help on it today lol
It might be going away on crowdsec side but not Cloudflare
Do you know what would be causing this? I don't think my list is full.
It's trying to create a new list and not append to current list
Ah okay, I may need to revisit my crowdsec-cloudflare-bouncer.yaml to make sure it's pointing to the right list?
It depends if you can manually point to the list ID. If not then you need to delete the current list
Hmm, there appears to be this in the bouncer.yaml
ip_list_prefix: crowdsec_block
- the name of my current list is crowdsec_block on the CF dashboard:
Yeah but that's just the name
Ok, I see what you're saying now. It does have a value for
accounts: - id: <long string>
- Do you know where I can find this id?
Account and Zone ID can be found here https://dash.cloudflare.com/?to=/:account/:zone scroll down on the right
Ok, good. Mine is set to the correct Zone ID and Account ID already.
Yeah I think it lost the list ID
Think deleting the list is the fix for that?
Yeah it would be
Thanks man, I'll give that a try 🙂
Welp! lol
I'm just gonna create a new list
Oh, I can't since I'm tied to only 1 list it seems.
I managed to figure out how to delete it 🙂
So, which should I make first. The list or the firewall rule?
Delete the firewall rule then the list and restart the bouncer service so it makes the rule and list again
Oh, that may have been where I goofed earlier as I was creating the list/rules manually from the dashboard (or one or the other as it were)
It's working now! Thank you so much for your help, friend!
Sorry, got one more question for you as I've been documenting all steps to see if I can replicate things for another website. I'm back to getting the error
level=fatal msg="This account is at the maximum number of lists (10019)"
when viewing sudo systemctl status crowdsec-cloudflare-bouncer
- There actually isn't any firewall rules showing on the CF dashboard for this domain, so I'm a bit confused why it would be saying this?
This is the lists page
https://discord.com/channels/595317990191398933/1030884977094701116/1031225690697256971
And lists are per account not per zone
Oh, okay. I see! Thank you!
Is there a way to obtain more lists? Like, can an additional list be purchased?
I don't think you can buy lists specifically but the pro plan gets 10 IP lists