fix(crowdsec): update whitelist.yaml to prevent false positive

false positive:
- outline session problem (LePresidente/http-generic-401-bf)

config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2

@@ -18,4 +18,7 @@ whitelist:
         - "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' &&  evt.Meta.http_path startsWith '/index.php/core/preview?'"
         # nextcloud chunks.mjs request false positive
         - "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains 'chunk.mjs'"
+        # outline POST 401 errors false positive
+        - "evt.Meta.target_fqdn == '{{ services['outline']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '401' && evt.Meta.http_verb == 'POST' && evt.Meta.http_path startsWith '/api/'"
+
 {% endif %}

docs/issues/crowdsec/260516_outline.md

@@ -0,0 +1,26 @@
+# Outline crowdsec false positive issue
+
+## Status
+- Finished
+
+## Date
+- 2026-05-16
+
+## Version
+- Outline: 1.7.1
+
+## Problem
+- Reload the outline when session is terminated, it causes 401 errors
+  - fw ban users' IP address.
+
+## Reason
+- When the session is terminated by some reasons, every request recieves 401 errors
+    - `LePresidente/http-generic-401-bf`
+
+## Timeline
+- 2026-05-16: Release outline
+- 2026-05-16: Find the false positive case, and add whitelist
+
+## Solution
+- Add expression on whitelist
+  - evt.Meta.target_fqdn == '{{ services['outline']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '401' && evt.Meta.http_verb == 'POST' && evt.Meta.http_path startsWith '/api/'