il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: il/ilnmors-homelab:1.10.0
Branches Tags
il/ilnmors-homelab:main
il/ilnmors-homelab:1.10.1 il/ilnmors-homelab:1.10.0 il/ilnmors-homelab:1.9.16 il/ilnmors-homelab:1.9.15 il/ilnmors-homelab:1.9.14 il/ilnmors-homelab:1.9.13 il/ilnmors-homelab:1.9.12 il/ilnmors-homelab:1.9.11 il/ilnmors-homelab:1.9.10 il/ilnmors-homelab:1.9.9 il/ilnmors-homelab:1.9.8 il/ilnmors-homelab:1.9.7 il/ilnmors-homelab:1.9.6 il/ilnmors-homelab:1.9.5 il/ilnmors-homelab:1.9.4 il/ilnmors-homelab:1.9.3 il/ilnmors-homelab:1.9.2 il/ilnmors-homelab:1.9.1 il/ilnmors-homelab:1.9.0 il/ilnmors-homelab:1.8.2 il/ilnmors-homelab:1.8.1 il/ilnmors-homelab:1.8.0 il/ilnmors-homelab:1.7.5 il/ilnmors-homelab:1.7.4 il/ilnmors-homelab:1.7.3 il/ilnmors-homelab:1.7.2 il/ilnmors-homelab:1.7.1 il/ilnmors-homelab:1.7.0 il/ilnmors-homelab:1.6.2 il/ilnmors-homelab:1.6.1 il/ilnmors-homelab:1.6.0 il/ilnmors-homelab:1.5.2 il/ilnmors-homelab:1.5.1 il/ilnmors-homelab:1.5.0 il/ilnmors-homelab:1.4.1 il/ilnmors-homelab:1.4.0 il/ilnmors-homelab:1.3.1 il/ilnmors-homelab:1.3.0 il/ilnmors-homelab:1.2.0 il/ilnmors-homelab:1.1.0 il/ilnmors-homelab:1.0.0
..
compare: il/ilnmors-homelab:1.10.1
Branches Tags
il/ilnmors-homelab:main
il/ilnmors-homelab:1.10.1 il/ilnmors-homelab:1.10.0 il/ilnmors-homelab:1.9.16 il/ilnmors-homelab:1.9.15 il/ilnmors-homelab:1.9.14 il/ilnmors-homelab:1.9.13 il/ilnmors-homelab:1.9.12 il/ilnmors-homelab:1.9.11 il/ilnmors-homelab:1.9.10 il/ilnmors-homelab:1.9.9 il/ilnmors-homelab:1.9.8 il/ilnmors-homelab:1.9.7 il/ilnmors-homelab:1.9.6 il/ilnmors-homelab:1.9.5 il/ilnmors-homelab:1.9.4 il/ilnmors-homelab:1.9.3 il/ilnmors-homelab:1.9.2 il/ilnmors-homelab:1.9.1 il/ilnmors-homelab:1.9.0 il/ilnmors-homelab:1.8.2 il/ilnmors-homelab:1.8.1 il/ilnmors-homelab:1.8.0 il/ilnmors-homelab:1.7.5 il/ilnmors-homelab:1.7.4 il/ilnmors-homelab:1.7.3 il/ilnmors-homelab:1.7.2 il/ilnmors-homelab:1.7.1 il/ilnmors-homelab:1.7.0 il/ilnmors-homelab:1.6.2 il/ilnmors-homelab:1.6.1 il/ilnmors-homelab:1.6.0 il/ilnmors-homelab:1.5.2 il/ilnmors-homelab:1.5.1 il/ilnmors-homelab:1.5.0 il/ilnmors-homelab:1.4.1 il/ilnmors-homelab:1.4.0 il/ilnmors-homelab:1.3.1 il/ilnmors-homelab:1.3.0 il/ilnmors-homelab:1.2.0 il/ilnmors-homelab:1.1.0 il/ilnmors-homelab:1.0.0

2 Commits
1.10.0 .. 1.10.1

Author SHA1 Message Date
il 5dd38b7e49 fix(crowdsec): update whitelist.yaml to prevent false positive 
false positive:
- chunk problems (crowdsecurity/http-crawl-non_statics)
- directory upload 404 problem (crowdsecurity/http-probing)
 2026-05-02 20:38:48 +09:00
il 33d94211d1 docs(issues): fix crowdsec command 'cscli decision list' to 'cscli decision delete' 2026-05-02 19:46:51 +09:00
5 changed files with 46 additions and 3 deletions
Expand all files Collapse all files
config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2
+5
View File
@@ -18,4 +18,9 @@ whitelist:
- "evt.Meta.target_fqdn == '{{ services['immich']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'"
# opencloud chunk request false positive
- "evt.Meta.target_fqdn == '{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/js/chunks/'"
# nextcloud chunk request false positive (crowdsecurity/http-crawl-non_statics)
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/apps/viewer/js/'"
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/dist/'"
# nextcloud upload directory request 404 error false positive (crowdsecurity/http-probing)
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/remote.php/dav/files/'"
{% endif %}
docs/issues/crowdsec/260321_actual_budget.md
+1 -1
View File
@@ -30,4 +30,4 @@
- evt.Meta.target_fqdn == '{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/data/migrations/'
- Delete false positive decision
- Check false positive decision with `sudo cscli decision list`
- Delete false positive decision with `sudo cscli decision list --id $ID`
- Delete false positive decision with `sudo cscli decision delete --id $ID`
docs/issues/crowdsec/260321_immich.md
+1 -1
View File
@@ -29,4 +29,4 @@
- evt.Meta.target_fqdn == 'Immich.ilnmors.com' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'
- Delete false positive decision
- Check false positive decision with `sudo cscli decision list`
- Delete false positive decision with `sudo cscli decision list --id $ID`
- Delete false positive decision with `sudo cscli decision delete --id $ID`
docs/issues/crowdsec/260404_opencloud.md
+1 -1
View File
@@ -29,4 +29,4 @@
- evt.Meta.target_fqdn == '{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/js/chunks/'
- Delete false positive decision
- Check false positive decision with `sudo cscli decision list`
- Delete false positive decision with `sudo cscli decision list --id $ID`
- Delete false positive decision with `sudo cscli decision delete --id $ID`
docs/issues/crowdsec/260502_nextcloud.md
+38
View File
@@ -0,0 +1,38 @@
# Nextcloud crowdsec false positive issue
## Status
- Finished
## Date
- 2026-05-02
## Version
- Nextcloud: 33.0.3
## Problem
- When users download or modify some files, all connections to homelab services are refused.
- fw ban users' IP address.
## Reason
- Nextcloud uses chunks for actions, and uploading and downloading
- chunks on '/apps/viewer/js', '/dist/'
- `crowdsecurity/http-crawl-non_statics`
- Nextcloud keeps checking directory which is uploading
- upload directory '/remote.php/dav/files/'
- `crowdsecurity/http-probing`
## Timeline
- 2026-05-02: Release nextcloud
- 2026-05-02: Find the false positive case, and add whitelist
## Solution
- Access to fw
- Check the ban list with `sudo cscli alerts list`
- Read the ban case with `sudo cscli alerts inspect $NUMBER`
- Add expressions on whitelist
- evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/apps/viewer/js/'
- evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/dist/'
- evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/remote.php/dav/files/'
- Delete false positive decision
- Check false positive decision with `sudo cscli decision list`
- Delete false positive decision with `sudo cscli decision delete --id $ID`