il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(crowdsec): update whitelist.yaml to prevent false positive

Browse Source 
false positive:
- nextcloud thumbnail/preview 404 problem (crowdsecurity/http-probing)
This commit is contained in:
Il Lee
2026-05-07 09:56:45 +09:00
parent 3b4b56f53f
commit b404a9e459
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/issues/crowdsec/260502_nextcloud.md
+4
View File
@@ -21,9 +21,13 @@
- 2026-05-02: Find the false positive case, and add whitelist
- 2026-05-03: Install crowdsecurity/nextcloud-whitelist parser
- 2026-05-03: Make previous expressions annotation
- 2026-05-07: Find the false positive case, which is not on `crowdsecurity/nextcloud-whitelist`
- 2026-05-07: Set whitelist expression
## Solution
- Install crowdsecurity/nextcloud-whitelist on auth node
- Add expression on whitelist
- evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path startsWith '/index.php/core/preview?'
### Deprecated solution
- Access to fw