viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

relax the 403 abuse rule to reduce FP rate [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2025-10-18 19:02:20 +00:00
parent 0dc15de54f
commit 0921bca454
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/kubernetes/crowdsec/main.tf
View file

@ -35,9 +35,9 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
description: "Detect IPs triggering too many HTTP 403s in NGINX ingress logs" description: "Detect IPs triggering too many HTTP 403s in NGINX ingress logs"
filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.status == '403'" filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.status == '403'"
groupby: "evt.Meta.source_ip" groupby: "evt.Meta.source_ip"
leakspeed: "10s" leakspeed: "30s"
capacity: 5 capacity: 10
blackhole: 1m blackhole: 5m
labels: labels:
service: http service: http
behavior: abusive_403 behavior: abusive_403