chore: clean .gitignore cache
@@ -1,91 +0,0 @@
|
||||
---
|
||||
title: CrowdSec Integration
|
||||
description: Behavior-based threat detection powered by a global community
|
||||
---
|
||||
|
||||
# CrowdSec Integration
|
||||
|
||||
Protect your applications using behavior-based threat detection powered by a global community of security data. Bad actors get blocked automatically before they can cause harm.
|
||||
|
||||
## Overview
|
||||
|
||||
CrowdSec analyzes your traffic patterns and blocks malicious behavior in real-time. Unlike traditional firewalls that rely on static rules, CrowdSec uses behavioral analysis and crowdsourced threat intelligence to identify and stop attacks.
|
||||
|
||||
Key capabilities:
|
||||
|
||||
- **Behavior Detection** — Identifies attack patterns like brute-force, scanning, and exploitation
|
||||
- **Community Blocklists** — Benefit from threats detected by the global CrowdSec community
|
||||
- **Real-time Blocking** — Malicious IPs are blocked immediately via Caddy integration
|
||||
- **Automatic Updates** — Threat intelligence updates continuously
|
||||
|
||||
## Why Use This
|
||||
|
||||
- **Proactive Defense** — Block attackers before they succeed
|
||||
- **Zero False Positives** — Behavioral analysis reduces incorrect blocks
|
||||
- **Community Intelligence** — Leverage data from thousands of CrowdSec users
|
||||
- **GUI-Controlled** — Enable/disable directly from the UI, no environment variables needed
|
||||
|
||||
## Configuration
|
||||
|
||||
### Enabling CrowdSec
|
||||
|
||||
1. Navigate to **Settings → Security**
|
||||
2. Toggle **CrowdSec Protection** to enabled
|
||||
3. CrowdSec starts automatically and persists across container restarts
|
||||
|
||||
No environment variables or manual configuration required.
|
||||
|
||||
### Hub Presets
|
||||
|
||||
Access pre-built security configurations from the CrowdSec Hub:
|
||||
|
||||
1. Go to **Settings → Security → Hub Presets**
|
||||
2. Browse available collections (e.g., `crowdsecurity/nginx`, `crowdsecurity/http-cve`)
|
||||
3. Search for specific parsers, scenarios, or collections
|
||||
4. Click **Install** to add to your configuration
|
||||
|
||||
Popular presets include:
|
||||
|
||||
- **HTTP Probing** — Detect reconnaissance and scanning
|
||||
- **Bad User-Agents** — Block known malicious bots
|
||||
- **CVE Exploits** — Protection against known vulnerabilities
|
||||
|
||||
### Console Enrollment
|
||||
|
||||
Connect to the CrowdSec Console for centralized management:
|
||||
|
||||
1. Go to **Settings → Security → Console Enrollment**
|
||||
2. Enter your enrollment key from [console.crowdsec.net](https://console.crowdsec.net)
|
||||
3. Click **Enroll**
|
||||
|
||||
The Console provides:
|
||||
|
||||
- Multi-instance management
|
||||
- Historical attack data
|
||||
- Alert notifications
|
||||
- Blocklist subscriptions
|
||||
|
||||
### Live Decisions
|
||||
|
||||
View active blocks in real-time:
|
||||
|
||||
1. Navigate to **Security → Live Decisions**
|
||||
2. See all currently blocked IPs with:
|
||||
- IP address and origin country
|
||||
- Reason for block (scenario triggered)
|
||||
- Duration remaining
|
||||
- Option to manually unban
|
||||
|
||||
## Automatic Startup & Persistence
|
||||
|
||||
CrowdSec settings are stored in Charon's database and synchronized with the Security Config:
|
||||
|
||||
- **On Container Start** — CrowdSec launches automatically if previously enabled
|
||||
- **Configuration Sync** — Changes in the UI immediately apply to CrowdSec
|
||||
- **State Persistence** — Decisions and configurations survive restarts
|
||||
|
||||
## Related
|
||||
|
||||
- [Web Application Firewall](./waf.md) — Complement CrowdSec with WAF protection
|
||||
- [Access Control](./access-control.md) — Manual IP blocking and geo-restrictions
|
||||
- [Back to Features](../features.md)
|
||||
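Review bot: The commit subject "clean .gitignore cache" does not match what the `@@ -1,91 +0,0 @@` header shows, which is the removal of all 91 lines of the CrowdSec Integration documentation page. If the intent is only to stop tracking a file that is now ignored, say so in the commit message and confirm the page is still generated or kept elsewhere, since it is the only visible description of the enable toggle, Hub Presets, Console Enrollment and Live Decisions unban steps. If the page is really being retired, check that the pages it cross-links in its Related section (`./waf.md`, `./access-control.md`, `../features.md`) do not still point back at it, and consider making the removal its own commit rather than folding it into a chore.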