1426c6f885
Comprehensive documentation overhaul for Charon features: Rewrite features.md as marketing overview (87% reduction) Create comprehensive dns-challenge.md for new DNS feature Expand 18 feature stub pages into complete documentation: SSL certificates, CrowdSec, WAF, ACLs, rate limiting Security headers, proxy headers, web UI, Docker integration Caddyfile import, logs, WebSocket, backup/restore Live reload, localization, API, UI themes, supply chain security Update README.md with DNS Challenge in Top Features Total: ~2,000+ lines of new user-facing documentation Refs: #21, #461
3.2 KiB
title, description
| title | description |
|---|---|
| CrowdSec Integration | Behavior-based threat detection powered by a global community |
CrowdSec Integration
Protect your applications using behavior-based threat detection powered by a global community of security data. Bad actors get blocked automatically before they can cause harm.
Overview
CrowdSec analyzes your traffic patterns and blocks malicious behavior in real-time. Unlike traditional firewalls that rely on static rules, CrowdSec uses behavioral analysis and crowdsourced threat intelligence to identify and stop attacks.
Key capabilities:
- Behavior Detection — Identifies attack patterns like brute-force, scanning, and exploitation
- Community Blocklists — Benefit from threats detected by the global CrowdSec community
- Real-time Blocking — Malicious IPs are blocked immediately via Caddy integration
- Automatic Updates — Threat intelligence updates continuously
Why Use This
- Proactive Defense — Block attackers before they succeed
- Zero False Positives — Behavioral analysis reduces incorrect blocks
- Community Intelligence — Leverage data from thousands of CrowdSec users
- GUI-Controlled — Enable/disable directly from the UI, no environment variables needed
Configuration
Enabling CrowdSec
- Navigate to Settings → Security
- Toggle CrowdSec Protection to enabled
- CrowdSec starts automatically and persists across container restarts
No environment variables or manual configuration required.
Hub Presets
Access pre-built security configurations from the CrowdSec Hub:
- Go to Settings → Security → Hub Presets
- Browse available collections (e.g.,
crowdsecurity/nginx,crowdsecurity/http-cve) - Search for specific parsers, scenarios, or collections
- Click Install to add to your configuration
Popular presets include:
- HTTP Probing — Detect reconnaissance and scanning
- Bad User-Agents — Block known malicious bots
- CVE Exploits — Protection against known vulnerabilities
Console Enrollment
Connect to the CrowdSec Console for centralized management:
- Go to Settings → Security → Console Enrollment
- Enter your enrollment key from console.crowdsec.net
- Click Enroll
The Console provides:
- Multi-instance management
- Historical attack data
- Alert notifications
- Blocklist subscriptions
Live Decisions
View active blocks in real-time:
- Navigate to Security → Live Decisions
- See all currently blocked IPs with:
- IP address and origin country
- Reason for block (scenario triggered)
- Duration remaining
- Option to manually unban
Automatic Startup & Persistence
CrowdSec settings are stored in Charon's database and synchronized with the Security Config:
- On Container Start — CrowdSec launches automatically if previously enabled
- Configuration Sync — Changes in the UI immediately apply to CrowdSec
- State Persistence — Decisions and configurations survive restarts
Related
- Web Application Firewall — Complement CrowdSec with WAF protection
- Access Control — Manual IP blocking and geo-restrictions
- Back to Features