A CrowdSec Bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.
Not sure what is going on, I checked and I have no rules on any of my domains and no main firewall rule, I ran this to remove everything to make sure. sudo docker run --rm -it -v ./cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml --name BouncerRecovery 'crowdsecurity/cloudflare-bouncer' -d
Here are the API permissions:
But no matter what I do I get No changes to IP rules which means I have zero rules added to cloudflare.
Here is my cfg.yaml
# Config generated by using /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml as base
crowdsec_lapi_url: http://crowdsec:8080/
crowdsec_lapi_key: [redacted]
crowdsec_update_frequency: 10s
include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word
exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word
only_include_decisions_from: [] # only include IPs banned due to decisions orginating from provided sources. eg value ["cscli", "crowdsec"]cloudflare_config:
accounts:
- id: [redacted]
zones:
- zone_id: [redacted]
actions:
- managed_challenge
- zone_id: [redacted]
actions:
- managed_challenge
- zone_id: [redacted]
actions:
- managed_challenge
token: [redacted]
ip_list_prefix: crowdsec
default_action: managed_challenge
total_ip_list_capacity: 9990 # only this many latest IP decisions would be kept
update_frequency: 30s
daemon: false
log_mode: stdout
log_dir: /var/log/
log_level: info
log_max_size: 0
log_max_age: 0
log_max_backups: 0
compress_logs: null
prometheus:
enabled: true
listen_addr: 127.0.0.1
listen_port: "2112"
key_path: ""
cert_path: ""
ca_cert_path: ""
Not sure what is going on, I checked and I have no rules on any of my domains and no main firewall rule, I ran this to remove everything to make sure.
sudo docker run --rm -it -v ./cloudflare/cfg.yaml:/etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml --name BouncerRecovery 'crowdsecurity/cloudflare-bouncer' -d
Here are the API permissions:
But no matter what I do I get No changes to IP rules which means I have zero rules added to cloudflare.
Here is my cfg.yaml
And my docker compose: