search

mostafahussein / crowdsec-bouncer-apisix-plugin

This plugin integrates CrowdSec's decision-making capabilities with Apache APISIX, allowing you to block IPs that have been flagged by CrowdSec. The plugin periodically fetches decisions from CrowdSec and applies them to incoming requests.
Apache License 2.0
6 stars 0 forks source link

Whitelisting already handled by Crowdsec. #1

Open he2ss opened 4 weeks ago

he2ss commented 4 weeks ago

Hi @mostafahussein,

First of all, thank you for this contribution :+1:. I saw some improvements that can be made to improve the remediation component. The first one is the whitelisting; it's only IPv4 compliant. FYI, Crowdsec is already dealing with whitelists. I understand that you need to have it in the plugin directly; maybe if you handle ipv6, it would also be a good improvement :).

mostafahussein commented 3 weeks ago

Hi @he2ss,

Thanks for the suggestion! I'll definitely consider adding IPv6 support 👍🏼.

The idea for the whitelist option actually came from a demo I used while writing the blog post. In the demo, CrowdSec was whitelisting the internal IPs by default. Instead of modifying that, I created a separate subnet that wasn't whitelisted by crowdsec/whitelists. That got me thinking, why not offer this as an option for others who might find it useful? It could be particularly helpful if someone wants to whitelist specific IPs at the API Gateway/Service level or if they're just starting out with CrowdSec and want an extra layer of control.

Thanks again for your suggestion and please feel free to contribute any time 🎉