crowdsecurity / cs-cloudflare-bouncer

A CrowdSec Bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.
MIT License
50 stars 7 forks

filters.api.ip_list_in_use (Code: 10031) #130

Closed yfhyou closed 1 month ago

yfhyou commented 1 year ago

Seems to be an issue where the IP list cannot be deleted. Cloudflare seems to think it is used in a rule somewhere, but I have checked all rules and it is not being used.

I have tried using the API directly to delete the list, using `crowdsec-cloudflare-bouncer -d`, and deleting in the web interface, all to no avail. I always get the same error. I have also checked all my zones' rules via the API and the list is not referenced anywhere.

It seems others have faced a similar issue as reported in the cloudflare community: https://community.cloudflare.com/t/cant-delete-the-ip-list-filters-api-ip-list-in-use/501307
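The check described above (walk every zone's firewall rules via the API and look for a reference to the list) is easy to get wrong by hand, because a list is referenced inside filter expressions as `$list_name`, not by its ID, and a substring match will confuse `$crowdsec_block` with `$crowdsec_block_old`. The following is an added example, not code from cs-cloudflare-bouncer or from the issue author: the `scan_*` functions are pure and run offline on constructed sample payloads; the `cf_get`/`find_list_references` helpers call the Cloudflare v4 `/zones`, `/zones/{id}/filters` and `/zones/{id}/rulesets` endpoints, whose paths and response shapes are assumed from Cloudflare's public API docs. The token and list name are read from the `CF_API_TOKEN` and `CF_LIST_NAME` environment variables, which are names chosen for this example.

```python
"""Find every Cloudflare firewall expression that still references an IP list.

Error 10031 (filters.api.ip_list_in_use) means Cloudflare believes some filter
expression references the list. Lists appear in the Firewall Rules language as
`$list_name`, so the check is: fetch every expression the token can see and
match that token exactly.

Example code added here; not part of cs-cloudflare-bouncer.
"""
import json
import os
import re
import urllib.parse
import urllib.request

API = "https://api.cloudflare.com/client/v4"  # assumed from public docs

# Constructed sample, in the shape of GET /zones/{zone}/filters (assumed).
SAMPLE_FILTERS = {
    "result": [
        {"id": "f1", "expression": "ip.src in $crowdsec_block"},
        {"id": "f2", "expression": "ip.src in $crowdsec_block_old"},
        {"id": "f3", "expression": 'ip.geoip.country eq "CN"'},
    ]
}

# Constructed sample, in the shape of GET /zones/{zone}/rulesets/{id} (assumed).
SAMPLE_RULESET = {
    "result": {
        "id": "rs1",
        "rules": [
            {"id": "r1", "expression": '(ip.src in $crowdsec_block) and not http.request.uri.path contains "/health"'},
            {"id": "r2", "expression": 'http.host eq "example.com"'},
        ],
    }
}


def list_reference_pattern(list_name):
    # `$name` must be a whole token: `$crowdsec_block` must not match
    # `$crowdsec_block_old`, so forbid an identifier character right after it.
    return re.compile(r"\$" + re.escape(list_name) + r"(?![A-Za-z0-9_])")


def scan_expressions(expressions, list_name):
    """expressions: iterable of (where, expression). Returns the `where`
    labels whose expression references `$list_name`."""
    pat = list_reference_pattern(list_name)
    return [where for where, expr in expressions if expr and pat.search(expr)]


def expressions_from_filters(zone_id, filters_payload):
    """Flatten a /filters response into (label, expression) pairs."""
    return [(f"zone {zone_id} filter {f['id']}", f.get("expression", ""))
            for f in filters_payload.get("result", [])]


def expressions_from_ruleset(zone_id, ruleset_payload):
    """Flatten a single ruleset response into (label, expression) pairs."""
    rs = ruleset_payload.get("result", {})
    return [(f"zone {zone_id} ruleset {rs.get('id')} rule {r['id']}", r.get("expression", ""))
            for r in rs.get("rules", [])]


def cf_get(path, token, params=None):
    """Authenticated GET against the Cloudflare v4 API using an API token."""
    qs = "?" + urllib.parse.urlencode(params) if params else ""
    req = urllib.request.Request(API + path + qs,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def find_list_references(token, list_name):
    """Walk every zone visible to the token and collect the places that still
    reference `$list_name`, via both legacy filters and the rulesets API.
    Pagination uses result_info.total_pages, as assumed from the docs."""
    hits, page = [], 1
    while True:
        zones = cf_get("/zones", token, {"page": page, "per_page": 50})
        for z in zones["result"]:
            zid = z["id"]
            hits += scan_expressions(
                expressions_from_filters(zid, cf_get(f"/zones/{zid}/filters", token)), list_name)
            for rs in cf_get(f"/zones/{zid}/rulesets", token)["result"]:
                full = cf_get(f"/zones/{zid}/rulesets/{rs['id']}", token)
                hits += scan_expressions(expressions_from_ruleset(zid, full), list_name)
        if page >= zones.get("result_info", {}).get("total_pages", 1):
            break
        page += 1
    return hits


if __name__ == "__main__":
    token = os.environ["CF_API_TOKEN"]
    name = os.environ.get("CF_LIST_NAME", "crowdsec_block")
    for where in find_list_references(token, name):
        print(where)
```

If this scan returns nothing and the delete still fails with 10031, the situation matches what the maintainer describes later in this thread: the reference lives in a zone that no longer exists, so `/zones` never returns it and only Cloudflare support can clear it.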

LaurenceJJones commented 1 year ago

We had this before and the user had to contact Cloudflare support, as there is a long-standing bug on their end. If I recall, it was something like: if you delete a zone while a list is in use, it will become permanently "in use".

We use the same API that you called manually, so if you cannot see it there is not much we can do other than ask you to contact Cloudflare support.

LtSich commented 1 year ago

Cloudflare support does nothing about that... They don't care at all... It's like those lists are mostly unsupported... And for a few weeks now I have been hitting so many rate limits... It was working fine in 2022, but recently... useless... as updating your list every hour is not very effective...

LaurenceJJones commented 1 year ago

Yeah, I agree. In our experience they don't seem to want to support it, as the suggestions we have had for "fixes" have been to move to Workers, which is rather limited and can easily fall into a paid plan.

yfhyou commented 1 year ago

Unfortunate news. I guess this bouncer is essentially useless for me, as the list has reached 10k items and whenever the bouncer runs everything seems to work, but nothing is actually ever updated. For example, I've used the exclude "ssh" option, but the list remains at 10k even though a lot of decisions should have been removed. So it seems the list is no longer updating.

I've emailed Cloudflare support, but I'm not expecting much with a free account 🙁

time="02-05-2023 10:39:01" level=info msg="Starting crowdsec-cloudflare-bouncer v0.2.1-6b30687c25027607083926cb2112dd06e04dae59"
time="02-05-2023 10:39:01" level=info msg="Using API key auth"
time="02-05-2023 10:39:01" level=debug msg="req-api: GET http://crowdsec:8080/v1/decisions/stream?scenarios_not_containing=ssh&scopes=ip%2Crange%2Cas%2Ccountry&startup=true"
time="02-05-2023 10:39:02" level=info msg="using existing  ip list crowdsec_block 9axxxxxxxx" account_id=ffxxxxxxxxx
time="02-05-2023 10:39:02" level=debug msg="resp-api: http 200"
time="02-05-2023 10:39:02" level=debug msg="[headers] Content-Type : [application/json; charset=utf-8]"
time="02-05-2023 10:39:02" level=debug msg="[headers] Date : [Tue, 02 May 2023 14:39:02 GMT]"
time="02-05-2023 10:39:02" level=debug msg="Response: HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nContent-Type: application/json; charset=utf-8\r\nDate: Tue, 02 May 2023 14:39:02 GMT\r\n\r\n4f270c\r\n{\"deleted\":  6MB of JSON response
time="02-05-2023 10:39:02" level=info msg="found existing rule for block action" account_id=ffxxxxxxxxx zone_id=2dxxxxxxxxxxxx
time="02-05-2023 10:39:02" level=debug msg="ip list setup complete" account_id=ffxxxxxxxxx
time="02-05-2023 10:39:02" level=info msg="skipping rule creation for block" account_id=ffxxxxxxxxx zone_id=2dxxxxxxxxxxxx
time="02-05-2023 10:39:02" level=info msg="setup of firewall rules complete" account_id=ffxxxxxxxxx
time="02-05-2023 10:39:02" level=debug msg="collecting decisions from LAPI" account_id=ffxxxxxxxxx
time="02-05-2023 10:39:02" level=debug msg="found new decision with value=23.94.236.105, scope=Ip, type=ban" account_id=ffxxxxxxxxx
.... continue 1000s lines of new decisions
.... 1000s of lines of expired decisions
yfhyou commented 1 year ago

Cloudflare support was able to do something that allowed me to delete the list. Not sure what, as there were no rules, filters, etc. that I could find that were using the list.