maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection
Apache License 2.0

[QUESTION] Acquiring Traefik Logs in K8s #185

Closed ImranR98 closed 2 months ago

ImranR98 commented 2 months ago

I have the bouncer up and running on my K8s cluster and am able to ban and unban my own IP manually. I also see a bunch of decisions from the CAPI so I assume known malicious IPs are being blocked as well.

However, it doesn't look like any local attacks are being blocked (HTTP probing, XSS, etc.). When I use the nikto tool to simulate an attack, the bouncer doesn't ban anything. For comparison, my Docker compose instance of Traefik/Crowdsec immediately issues a ban within a few seconds of using the tool (both the K8s and Docker setups are very similar and on the same network).

I've used the example in this repo as a template, so I am confused about where I went wrong. I also confirmed that my Traefik access logs are enabled and that they show the real IP of the client.

I did notice that running `cscli metrics` does not show an Acquisition Metrics table on K8s (it does in my previous Docker setup). Maybe that's a clue? My `agent.acquisition` looks identical to the example.

Not sure if this is an issue with the bouncer or not, hopefully this is the right place to post. Any help is appreciated!

ImranR98 commented 2 months ago

Looking more into it, it's obvious this is a Crowdsec issue, not the bouncer's fault. In case anyone ends up here: https://github.com/crowdsecurity/helm-charts/issues/190