il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(crowdsec): update whitelist.yaml to prevent false positive

Browse Source 
false positive:
- outline session problem (LePresidente/http-generic-401-bf)
This commit is contained in:
Il Lee
2026-05-17 00:00:46 +09:00
parent 24eff8f3eb
commit a6bba986a5
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2
+3
View File
@@ -18,4 +18,7 @@ whitelist:
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path startsWith '/index.php/core/preview?'"
# nextcloud chunks.mjs request false positive
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains 'chunk.mjs'"
# outline POST 401 errors false positive
- "evt.Meta.target_fqdn == '{{ services['outline']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '401' && evt.Meta.http_verb == 'POST' && evt.Meta.http_path startsWith '/api/'"
{% endif %}