From e737b482a29763b9b9b27c44df1a3248aa183e0a Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sat, 18 Oct 2025 19:02:20 +0000
Subject: [PATCH] relax the 403 abuse rule to reduce FP rate [ci skip]

---
 modules/kubernetes/crowdsec/main.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/kubernetes/crowdsec/main.tf b/modules/kubernetes/crowdsec/main.tf
index c9d85f20..b5491322 100644
--- a/modules/kubernetes/crowdsec/main.tf
+++ b/modules/kubernetes/crowdsec/main.tf
@@ -35,9 +35,9 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
       description: "Detect IPs triggering too many HTTP 403s in NGINX ingress logs"
       filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.status == '403'"
       groupby: "evt.Meta.source_ip"
-      leakspeed: "10s"
-      capacity: 5
-      blackhole: 1m
+      leakspeed: "30s"
+      capacity: 10
+      blackhole: 5m
       labels:
         service: http
         behavior: abusive_403