docs(security): note crowdsec-cf-sync rate-limit resilience
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Document the backoff_limit=0 + CF-429 soft-skip hardening alongside the
cf-sync architecture description, with the why (the backoff_limit=2
retry-storm that escalated Cloudflare's Lists-API throttle into a stuck
state). Follow-up to 5b49634f.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
parent 5b49634fe0
commit bf40409141
1 changed file with 7 additions and 0 deletions
@ -132,6 +132,13 @@ for the supersession history — there is no longer an inline Traefik bouncer.)
account hard-limits to **one** list), and CAPI is already covered in-kernel on
direct hosts and by Cloudflare's own managed protections on proxied hosts.
Registered bouncer key: **`kvsync`**.
- **Rate-limit resilient (2026-06-27):** Cloudflare's Lists-API *write* endpoint
is throttled (~per-60s; `429 retry-after`). The CronJob runs `backoff_limit=0`
(one POST per cycle — the `*/2` schedule IS the retry cadence) and treats a CF
`429` as a soft-skip (exit 0, retry next cycle), the same fail-safe pattern it
uses for LAPI. An earlier `backoff_limit=2` fired 3 rapid POSTs/cycle and
escalated the throttle into a stuck state that left the list empty — a
self-inflicted DoS that this change prevents.
- **Block-only**: the single-list limit precludes a separate
captcha/managed-challenge list, so both ban and captcha decisions are enforced
as a plain block at the edge.
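Review bot: the new "Rate-limit resilient" bullet says a Cloudflare `429` is a soft-skip with `exit 0`, but it does not say how a persistent throttle becomes visible. Because the Job then reports success, a run of consecutive skips (the same condition that previously left the list empty) never shows up as a CronJob failure, so the bullet should name the log line or metric an operator can alert on, or state explicitly that sustained skips are accepted. Two smaller points in the same hunk: "~per-60s; `429 retry-after`" leaves open whether the sync honours the `Retry-After` value or simply relies on the `*/2` schedule, and the all-caps "IS" sits oddly next to the italic emphasis the bullet already uses (`*write*`); `*is*` would be consistent.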