Closed chladic closed 2 years ago
Hello,
This is definitely something that should not happen :/
Could you upload the logs from the bouncer somewhere to see if we got an error response from the WAF API at any point ?
@blotus
There is this msg as well:
time="27-06-2022 09:03:52" level=info msg="could not find empty set, creating new set" acl=waf-production-alb-web-waf component=ipset_manager region=eu-west-1 scope=REGIONAL
time="27-06-2022 09:04:12" level=info msg="could not find empty set, creating new set" acl=waf-production-alb-web-waf component=ipset_manager region=eu-west-1 scope=REGIONAL
time="27-06-2022 11:04:02" level=info msg="could not find empty set, creating new set" acl=waf-production-alb-web-waf component=ipset_manager region=eu-west-1 scope=REGIONAL
time="27-06-2022 13:04:02" level=info msg="could not find empty set, creating new set" acl=waf-production-alb-web-waf component=ipset_manager region=eu-west-1 scope=REGIONAL
Fixed by #10.
@blotus fantastic, many thanks
Hello crowdsec,
When I start bouncer it creates 2 IP sets for community blocklist (cca 18000 IPs, so 10000 + 8000), then it creates IPset for custom Ban ipv4 + custom ipset for ipv6 + custom ipset for captcha. In total 5 IPsets what is fine.
But then every 2 hours it creates another IPset with community blocklist. I found out that bouncer take alert whenever community blacklist is updated but instead of replacing it, it creates new one.