il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a6bba986a5892c0141fa54e66f0476894541bb72
ilnmors-homelab/docs/issues/crowdsec/260516_outline.md
T
il a6bba986a5 fix(crowdsec): update whitelist.yaml to prevent false positive 
false positive:
- outline session problem (LePresidente/http-generic-401-bf)
2026-05-17 00:00:46 +09:00

714 B
Raw Blame History

Outline crowdsec false positive issue

Status

  • Finished

Date

  • 2026-05-16

Version

  • Outline: 1.7.1

Problem

  • Reload the outline when session is terminated, it causes 401 errors
    • fw ban users' IP address.

Reason

  • When the session is terminated by some reasons, every request recieves 401 errors
    • LePresidente/http-generic-401-bf

Timeline

  • 2026-05-16: Release outline
  • 2026-05-16: Find the false positive case, and add whitelist

Solution

  • Add expression on whitelist
    • evt.Meta.target_fqdn == '{{ services['outline']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '401' && evt.Meta.http_verb == 'POST' && evt.Meta.http_path startsWith '/api/'
Reference in New Issue View Git Blame Copy Permalink