search

Gizra / drupal-starter

Drupal 10 Starter with best practices
76 stars 40 forks source link

Crowdsec #733

Closed AronNovak closed 1 week ago

AronNovak commented 1 month ago

https://www.drupal.org/project/crowdsec

CrowdSec collects malicious IP addresses globally from everybody who is willing to collaborate. There are many supported "scenarios", under which bad actors and their IP addresses can be reported. Once CrowdSec is confident because the signals about an IP address are strong enough, that IP gets added to their public block list for a period of time.

This module integrates with the CrowdSec API using their PHP SDK to verify the IP address of each request getting to your Drupal site against their block list and should an IP be listed for being banned, those requests will be rejected and responded with a 403 HTTP response status code.

No worries, the block list is cached locally, and no performance implications are expected.

For several projects, we picked IPs by hand, as no WAF is available. This is a collective global IP picking automated, round the clock :lock: !

AronNovak commented 1 month ago

https://www.drupal.org/project/crowdsec/issues/3480150

AronNovak commented 1 month ago

@mariano-dagostino Good point!

  /** 
   * Initialize and return the cache backend.
   *
   * @return \CrowdSec\RemediationEngine\CacheStorage\AbstractCache
   *   The initialized cache backend.
   */
  private function cache(): AbstractCache {
    if (!isset($this->cache)) {
      if ($redis = Settings::get('redis.connection')) {
        $dns = 'redis://' . ($redis['host'] ?? 'localhost') . ':' . ($redis['port'] ?? '6379');
        $this->cache = new Redis(['redis_dsn' => $dns], $this->logger);
      }   
      else {
        $this->cache = new PhpFiles(['fs_cache_path' => $this->fileSystem->getTempDirectory() . '/crowdsec'], $this->logger);
      }   

    }   
    return $this->cache;
  }

This is from the code of the module. If Redis is configured, it automatically uses that, the doc is misleading in my opinion.

AronNovak commented 1 week ago

It's serving one of the client sites for a while now. We may consider, at another site, @balagan73 faced with very strange Rollbar errors, if we'd have Crowdsec, we'd have less noise (and more power for visitors)

AronNovak commented 1 week ago

Added README as well.