Not working for me (using cloudflare)

  • Resolved rhandyx

    (@rhandyx)


    1 year, 11 months ago

    I′m using CYBERPANEL, OPENLITESPEED SERVER.
    I have site behind cloudflare.
    For I can get Real IP′s on my OPENLITESPEED server LOGS I have follow this tutorial .

    I have install crowdsec on my ubunto 20.04 server
    I install this plugin on my wordpress site
    Inside of /plugins/crowdsec/logs

    I have this logs

    2022-12-26T17:48:05.372775+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-26T17:48:05.375860+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-26T17:48:05.376178+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
    #cscli metrics

Local Api Bouncers Metrics:
╭────────────────────────────┬──────────────────────┬────────┬──────╮
│          Bouncer           │        Route         │ Method │ Hits │
├────────────────────────────┼──────────────────────┼────────┼──────┤
│ FirewallBouncer-1672075704 │ /v1/decisions/stream │ GET    │ 119  │
│ wordpress-bouncer          │ /v1/decisions        │ GET    │ 32   │
╰────────────────────────────┴──────────────────────┴────────┴──────╯

Local Api Bouncers Decisions:
╭───────────────────┬───────────────┬───────────────────╮
│      Bouncer      │ Empty answers │ Non-empty answers │
├───────────────────┼───────────────┼───────────────────┤
│ wordpress-bouncer │ 32            │ 0

    CROWSEC metrics detect 32 hits but not take any action.
    Never block any IP.

    I already try disable proxy on cloudflare (orange cloud) and results are same.

    • This topic was modified 1 year, 11 months ago by rhandyx.
Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi,
    Thanks for your message.
    This log message :
    {"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
    makes me think that your proxy IP is 188.75.5.3 and that this IP has not been whitelisted as a trusted IP.

    Thus, the bouncer is trying to bounce the 188.75.5.3 IP and, as there is no active decision for this specific IP, it is not blocked.

    Please try to add this IP to the trusted IPs in the WordPress plugin setting :

    Advanced → Remediations → Trust these CDN IPs (or Load Balancer, HTTP Proxy)

    Thanks

    Thread Starter rhandyx

    (@rhandyx)

    Hi

    No, IP 188.75.5.3 is Dynamic ip from my home computer in the momment I have make this test.

    For I get my real IP I have config OLS like this:

    https://openlitespeed.org/kb/show-real-visitor-ip-instead-of-cloudflare-ips/

    more logs on /wp-content/plugins/crowdsec/logs
    and this I think it was trying to hit

    2022-12-28T21:24:35.702419+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"3.238.255.1","cache":"hit"}
2022-12-28T21:24:35.702566+00:00|200|{"type":"FINAL_REMEDIATION","ip":"3.238.255.1","remediation":"bypass"}
2022-12-28T21:24:35.727285+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"3.227.240.24","x_forwarded_for_ip":"3.227.240.24"}
2022-12-28T21:24:35.759419+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"3.227.240.24","cache":"miss"}
2022-12-28T21:24:35.759669+00:00|200|{"type":"FINAL_REMEDIATION","ip":"3.227.240.24","remediation":"bypass"}
2022-12-28T21:24:35.848880+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"54.89.190.46","x_forwarded_for_ip":"54.89.190.46"}
2022-12-28T21:24:35.849156+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"54.89.190.46","cache":"hit"}
2022-12-28T21:24:35.860509+00:00|200|{"type":"FINAL_REMEDIATION","ip":"54.89.190.46","remediation":"bypass"}
2022-12-28T21:24:35.929565+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"3.235.15.10","x_forwarded_for_ip":"3.235.15.10"}
2022-12-28T21:24:35.929842+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"3.235.15.10","cache":"hit"}
2022-12-28T21:24:35.930012+00:00|200|{"type":"FINAL_REMEDIATION","ip":"3.235.15.10","remediation":"bypass"}
2022-12-28T21:24:36.024869+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"3.89.116.106","x_forwarded_for_ip":"3.89.116.106"}
2022-12-28T21:24:36.025210+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"3.89.116.106","cache":"hit"}
    • This reply was modified 1 year, 11 months ago by rhandyx.
    • This reply was modified 1 year, 11 months ago by rhandyx.

    Hi,
    It seems that with your configuration the IP that is in the X-Forwarded-For header and the IP that is in the $_SERVER['REMOTE_ADDR'] are the same. That is why the log shows the same value for original_ip and x_forwarded_for_ip.

    But this should not be an issue and if there is any active decision for the logged IP, it should work.

    Can you check that there is an active decision for the logged IP ?

    To check if there is an active decision for an IP a.b.c.d you can run

    cscli decisions list -i a.b.c.d

    For example, when your log says :

    {"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"3.89.116.106","x_forwarded_for_ip":"3.89.116.106"}

    can you look at the result of

    cscli decisions list -i 3.89.116.106

    If there is no active decision, then this normal that the result of log is “bypass”.

    If there is an active decision, please let me know as we should not get a “bypass” then.

    Furthermore, in order to debug what could happen, you should find a log message starting with "type":"BOUNCER_INIT" in the debug.log file (if you set the debug log setting to true).
    This line contains your plugin settings : could you share it here ?

    Thanks

    Thread Starter rhandyx

    (@rhandyx)

    Hi thank you for your time.

    #cscli decisions list -i 3.89.116.106
No active decisions

    Is bypass decisions from crowdsec wp-plugin

    I have try lots of wrong login attemps
    here is debug log:

    2022-12-30T17:50:30.302281+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:30.302499+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:30.302540+00:00|100|{"type":"DIRECT_API_CALL","ip":"188.75.5.3"}
2022-12-30T17:50:30.304726+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-30T17:50:30.304890+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:50:34.244907+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:50:34.245079+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:50:34.245754+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:50:34.245787+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:50:34.245960+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:34.246201+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:34.246243+00:00|100|{"type":"DIRECT_API_CALL","ip":"188.75.5.3"}
2022-12-30T17:50:34.248055+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-30T17:50:34.248193+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:50:37.805335+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:50:37.805503+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:50:37.806173+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:50:37.806206+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:50:37.806414+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:37.806638+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:37.806744+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"hit"}
2022-12-30T17:50:37.806879+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:50:43.064034+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:50:43.064176+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:50:43.064823+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:50:43.064854+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:50:43.065036+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:43.065262+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:43.065305+00:00|100|{"type":"DIRECT_API_CALL","ip":"188.75.5.3"}
2022-12-30T17:50:43.067916+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-30T17:50:43.068131+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:50:47.480301+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:50:47.480448+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:50:47.481104+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:50:47.481135+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:50:47.481335+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:47.481552+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:47.481648+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"hit"}
2022-12-30T17:50:47.481779+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:50:51.430279+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:50:51.430428+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:50:51.431105+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:50:51.431137+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:50:51.431313+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:50:51.431526+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:50:51.431567+00:00|100|{"type":"DIRECT_API_CALL","ip":"188.75.5.3"}
2022-12-30T17:50:51.434110+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-30T17:50:51.434323+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}
2022-12-30T17:51:00.672167+00:00|100|{"type":"REST_CLIENT_INIT","base_uri":"https://localhost:8080","timeout":120,"user_agent":"WordPress CrowdSec Bouncer/v1.11.0"}
2022-12-30T17:51:00.672315+00:00|100|{"type":"API_CLIENT_INIT","user_agent":"WordPress CrowdSec Bouncer/v1.11.0","rest_client":"CrowdSecBouncer\\RestClient\\Curl"}
2022-12-30T17:51:00.672981+00:00|100|{"type":"API_CACHE_INIT","adapter":"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter","mode":"live","fallback_remediation":"captcha","exp_clean_ips":5,"exp_bad_ips":20,"exp_captcha_flow":86400,"exp_geolocation_result":86400,"warmed_up":"false","geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}}}
2022-12-30T17:51:00.673023+00:00|100|{"type":"BOUNCER_INIT","logger":"Monolog\\Logger","max_remediation_level":0,"configs":{"api_key":"***","auth_type":"api_key","tls_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_key_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","tls_verify_peer":false,"tls_ca_cert_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../tls/","api_url":"https://localhost:8080","use_curl":true,"api_user_agent":"WordPress CrowdSec Bouncer/v1.11.0","api_timeout":120,"debug_mode":true,"disable_prod_log":false,"log_directory_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../logs/","forced_test_ip":"","forced_test_forwarded_ip":"","display_errors":false,"bouncing_level":"normal_bouncing","trust_ip_forward_array":[],"fallback_remediation":"captcha","stream_mode":false,"cache_system":"phpfs","fs_cache_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../.cache","redis_dsn":"","memcached_dsn":"","clean_ip_cache_duration":5,"bad_ip_cache_duration":20,"captcha_cache_duration":86400,"geolocation_cache_duration":86400,"geolocation":{"enabled":false,"type":"maxmind","save_result":false,"maxmind":{"database_type":"country","database_path":"/home/s02.lojadeportugal.pt/public_html/wp-content/plugins/crowdsec/inc/../geolocation/"}},"max_remediation_level":"ban","excluded_uris":[]}}
2022-12-30T17:51:00.673255+00:00|300|{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}
2022-12-30T17:51:00.673473+00:00|100|{"type":"START_IP_CHECK","ip":"188.75.5.3"}
2022-12-30T17:51:00.673522+00:00|100|{"type":"DIRECT_API_CALL","ip":"188.75.5.3"}
2022-12-30T17:51:00.677295+00:00|200|{"type":"CLEAN_VALUE","scope":"Ip","value":"188.75.5.3","cache":"miss"}
2022-12-30T17:51:00.677670+00:00|200|{"type":"FINAL_REMEDIATION","ip":"188.75.5.3","remediation":"bypass"}

    I think is important say i′m using CYBERPANEL and site logs are saved in 

    /home/domain.tld/logs/*_acess.log

    I not have experience with crowdsec, i′m starting to learn

    But when I use FAIL2BAN with virtualmin. I have to add Path of logs to configuration.

    Hi,
    the WordPress plugin only applies decisions retrieved from LAPI (CrowdSec Local API).

    If there is no decision, nothing happens : this is a bypass.

    Trying multiple failed login will NOT add decision. (decisions are retrieved from CAPI (community decisions from Central API) or can be add manually in LAPI)

    You can try to add manually a “ban” decision for an IP with command :

    cscli decisions add --scope ip --value a.b.c.d --duration 4h --type ban


    where a.b.c.d is the IP you want to ban. (it should be 188.75.5.3 in your case).

    Once your decision is added, you should get a ban wall when trying to acess tour site with the a.b.c.d IP. (it depends of the timelife of your cached item but it should be effective in less than a minute if you did not change default settings)

    To delete a decision for some IP, run

    cscli decisions delete -i a.b.c.d

    Thanks

    Hi,
    I guess I can close this issue.

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Not working for me (using cloudflare)’ is closed to new replies.