il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5dd38b7e49230f2a46cccff707b65dc69cc3ea6e
ilnmors-homelab/docs/issues/crowdsec/260404_opencloud.md
T

33 lines
1018 B
Markdown
Raw Blame History

# OpenCloud crowdsec false positive issue
## Status
- Finished
## Date
- 2026-04-04
## Version
- OpenCloud: 4.0.4
## Problem
- When users download some files, all connections to homelab services are refused.
- fw ban users' IP address.
## Reason
- OpenCloud uses chunks when clients uploads or download files to it.
- LAPI decides a ban when a lot of chunks file is uploaded or downloaded from external devices
## Timeline
- 2026-04-04: Release OpenCloud
- 2026-04-04: Find the false positive case, and add whitelist
## Solution
- Access to fw
- Check the ban list with `sudo cscli alerts list`
- Read the ban case with `sudo cscli alerts inspect $NUMBER`
- Add regex on whitelist
- evt.Meta.target_fqdn == '{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/js/chunks/'
- Delete false positive decision
- Check false positive decision with `sudo cscli decision list`
- Delete false positive decision with `sudo cscli decision delete --id $ID`
Reference in New Issue View Git Blame Copy Permalink