add crowdsec rule ot skip my home ip[ci skip]

2026-01-24 18:46:12 +00:00 · 2026-01-24 18:46:12 +00:00 · 0b58abc7b7
commit 0b58abc7b7
parent fe05b1442c
2 changed files with 57 additions and 0 deletions
--- a/modules/kubernetes/crowdsec/main.tf
+++ b/modules/kubernetes/crowdsec/main.tf
@ -64,6 +64,28 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
  }
 }

+# Whitelist for trusted IPs that should never be blocked
+resource "kubernetes_config_map" "crowdsec_whitelist" {
+  metadata {
+    name      = "crowdsec-whitelist"
+    namespace = kubernetes_namespace.crowdsec.metadata[0].name
+    labels = {
+      "app.kubernetes.io/name" = "crowdsec"
+    }
+  }
+
+  data = {
+    "whitelist.yaml" = <<-YAML
+      name: crowdsecurity/whitelist-trusted-ips
+      description: "Whitelist for trusted IPs that should never be blocked"
+      whitelist:
+        reason: "Trusted IP - never block"
+        ip:
+          - "176.12.22.76"
+    YAML
+  }
+}
+

 resource "helm_release" "crowdsec" {
  namespace        = kubernetes_namespace.crowdsec.metadata[0].name
--- a/modules/kubernetes/crowdsec/values.yaml
+++ b/modules/kubernetes/crowdsec/values.yaml
@ -31,10 +31,17 @@ agent:
      mountPath: /etc/crowdsec/scenarios/http-429-abuse.yaml
      subPath: "http-429-abuse.yaml"
      readonly: true
+    - name: whitelist
+      mountPath: /etc/crowdsec/parsers/s02-enrich/whitelist.yaml
+      subPath: "whitelist.yaml"
+      readonly: true
  extraVolumes:
    - name: custom-scenarios
      configMap:
        name: crowdsec-custom-scenarios
+    - name: whitelist
+      configMap:
+        name: crowdsec-whitelist
 lapi:
  replicas: 3
  extraSecrets:
@ -117,6 +124,34 @@ lapi:
    type: RollingUpdate
  
 config:
+  # Custom profiles: captcha for rate limiting, ban for attacks
+  profiles.yaml: |
+    # Captcha for rate limiting and 403 abuse (user can unblock themselves)
+    name: captcha_remediation
+    filters:
+      - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() in ["crowdsecurity/http-429-abuse", "crowdsecurity/http-403-abuse", "crowdsecurity/http-crawl-non_statics", "crowdsecurity/http-sensitive-files"]
+    decisions:
+      - type: captcha
+        duration: 4h
+    on_success: break
+    ---
+    # Default: Ban for serious attacks (CVE exploits, scanners, brute force)
+    name: default_ip_remediation
+    filters:
+      - Alert.Remediation == true && Alert.GetScope() == "Ip"
+    decisions:
+      - type: ban
+        duration: 4h
+    on_success: break
+    ---
+    name: default_range_remediation
+    filters:
+      - Alert.Remediation == true && Alert.GetScope() == "Range"
+    decisions:
+      - type: ban
+        duration: 4h
+    on_success: break
+
  config.yaml.local: |
    db_config:
      type:     mysql