# Immich crowdsec false positive issue

## Status
- Finished

## Date
- 2026-03-21

## Version
- Immich: 2.6.1

## Problem
- When users access and log in Immich while Immich is generating thumbnail, all connections to homelab services are refused.
  - fw ban users' IP address.

## Reason
- Immich sends 404 error to clients when the client request thumbnail while it is generating them.
- LAPI decides a ban when a lot of 404 errors occur in short time

## Timeline
- 2026-03-21: Release Immich
- 2026-03-21: Find the false positive case, and add whitelist

## Solution
- Access to fw
  - Check the ban list with `sudo cscli alerts list`
  - Read the ban case with `sudo cscli alerts inspect $NUMBER`
- Add regex on whitelist
  - evt.Meta.target_fqdn == 'Immich.ilnmors.com' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'
- Delete false positive decision
  - Check false positive decision with `sudo cscli decision list`
  - Delete false positive decision with `sudo cscli decision list --id $ID`