"Linux: Crowdsec": difference between revisions
| (2 intermediate revisions by the same user not shown) | |||
| Ligne 77 : | Ligne 77 : | ||
setenv CROWDSEC_CAPTCHA_TEMPLATE_PATH /var/lib/crowdsec-haproxy-spoa-bouncer/html/captcha.html | setenv CROWDSEC_CAPTCHA_TEMPLATE_PATH /var/lib/crowdsec-haproxy-spoa-bouncer/html/captcha.html | ||
</syntaxhighlight>An example that includes this snippet can also be found in <code>/usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples/haproxy.cfg</code>. | </syntaxhighlight>An example that includes this snippet can also be found in <code>/usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples/haproxy.cfg</code>. | ||
=== Installation avec Opnsense === | |||
https://docs.crowdsec.net/docs/getting_started/install_crowdsec_opnsense/ | |||
https://blog.raspot.in/fr/blog/installation-et-configuration-de-crowdsec-sur-opnsense | |||
=== Liens === | === Liens === | ||
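Review bot: The new "Installation avec Opnsense" section holds only two bare URLs, with no text saying what each one covers or which to follow first. Give each link a short label (the CrowdSec documentation page and the blog walkthrough) and put them in a bulleted list, since consecutive lines in wikitext are joined into a single paragraph.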
| Ligne 106 : | Ligne 111 : | ||
</script> | </script> | ||
</html> | </html> | ||
[[Catégorie:Crowdsec]] | |||
Latest revision as of 22 December 2025, 15:25
Installation
curl -s https://install.crowdsec.net | sudo sh
sudo apt install crowdsec
sudo apt install crowdsec-firewall-bouncer-iptables
Configuration with HAProxy
sudo apt install crowdsec-haproxy-spoa-bouncer
Add a SPOE agent configuration to /etc/haproxy/crowdsec.cfg:
[crowdsec]
spoe-agent crowdsec-agent
    messages    crowdsec-ip crowdsec-http
    option      var-prefix      crowdsec
    option      set-on-error    error
    timeout     hello           100ms
    timeout     idle            30s
    timeout     processing      500ms
    use-backend crowdsec-spoa
    log         global

## This message is used to customise the remediation from crowdsec-ip based on the host header
## src-ip is included as fallback in case crowdsec-ip message didn't fire
spoe-message crowdsec-http
    args remediation=var(txn.crowdsec.remediation) crowdsec_captcha_cookie=req.cook(crowdsec_captcha_cookie) id=unique-id host=hdr(Host) method=method path=path query=query version=req.ver headers=req.hdrs body=req.body url=url ssl=ssl_fc src-ip=src src-port=src_port
    event on-frontend-http-request

## This message should be the first to trigger in the chain
spoe-message crowdsec-ip
    args id=unique-id src-ip=src src-port=src_port
    event on-client-session
If you installed the HAProxy SPOE bouncer through the package, you will find this configuration file in /usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples.
This CrowdSec SPOE agent configuration is then referenced from the main HAProxy configuration file, /etc/haproxy/haproxy.cfg; the snippet below may be added at the bottom of that file.
[...]
frontend http-in
    bind *:80
    filter spoe engine crowdsec config /etc/haproxy/crowdsec.cfg
    http-request set-header X-Crowdsec-Remediation %[var(txn.crowdsec.remediation)]

    ## Handle 302 redirect for successful captcha validation (native HAProxy redirect)
    http-request redirect code 302 location %[var(txn.crowdsec.redirect)] if { var(txn.crowdsec.remediation) -m str "allow" } { var(txn.crowdsec.redirect) -m found }

    ## Call lua script only for ban and captcha remediations (performance optimization)
    http-request lua.crowdsec_handle if { var(txn.crowdsec.remediation) -m str "captcha" }
    http-request lua.crowdsec_handle if { var(txn.crowdsec.remediation) -m str "ban" }

    ## Handle captcha cookie management via HAProxy (new approach)
    ## Set captcha cookie when SPOA provides captcha_status (pending or valid)
    http-after-response set-header Set-Cookie %[var(txn.crowdsec.captcha_cookie)] if { var(txn.crowdsec.captcha_status) -m found } { var(txn.crowdsec.captcha_cookie) -m found }
    ## Clear captcha cookie when cookie exists but no captcha_status (Allow decision)
    http-after-response set-header Set-Cookie %[var(txn.crowdsec.captcha_cookie)] if { var(txn.crowdsec.captcha_cookie) -m found } !{ var(txn.crowdsec.captcha_status) -m found }

    use_backend <whatever>

backend crowdsec-spoa
    mode tcp
    server s1 127.0.0.1:9000
In the global section of your haproxy.cfg, the Lua path configuration is also mandatory:
global
    [...]
    lua-prepend-path /usr/lib/crowdsec-haproxy-spoa-bouncer/lua/?.lua
    lua-load /usr/lib/crowdsec-haproxy-spoa-bouncer/lua/crowdsec.lua
    setenv CROWDSEC_BAN_TEMPLATE_PATH /var/lib/crowdsec-haproxy-spoa-bouncer/html/ban.html
    setenv CROWDSEC_CAPTCHA_TEMPLATE_PATH /var/lib/crowdsec-haproxy-spoa-bouncer/html/captcha.html
An example that includes this snippet can also be found in /usr/share/doc/crowdsec-haproxy-spoa-bouncer/examples/haproxy.cfg.
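The two files above only work together if their names line up: the engine name in `filter spoe engine` must match the `[crowdsec]` scope, `use-backend` must name a backend defined in haproxy.cfg, and every entry in `messages` needs its own `spoe-message` section. The following check is an added example, not part of the CrowdSec package or of this page's original content; `check_wiring` is a hypothetical helper and the embedded configs are constructed samples trimmed from the snippets above.

```python
import re

# Constructed sample inputs, trimmed from the configuration shown on this page.
SPOE_CFG = """\
[crowdsec]
spoe-agent crowdsec-agent
    messages crowdsec-ip crowdsec-http
    use-backend crowdsec-spoa
spoe-message crowdsec-http
    event on-frontend-http-request
spoe-message crowdsec-ip
    event on-client-session
"""
HAPROXY_CFG = """\
global
    lua-load /usr/lib/crowdsec-haproxy-spoa-bouncer/lua/crowdsec.lua
frontend http-in
    filter spoe engine crowdsec config /etc/haproxy/crowdsec.cfg
    http-request lua.crowdsec_handle if { var(txn.crowdsec.remediation) -m str "ban" }
backend crowdsec-spoa
    mode tcp
    server s1 127.0.0.1:9000
"""

def directives(text):
    """Split a config into token lists, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    return [l.split() for l in lines if l and not l.startswith("#")]

def check_wiring(spoe_cfg, haproxy_cfg):
    """Hypothetical helper: list cross-file inconsistencies (empty = consistent)."""
    spoe, hap = directives(spoe_cfg), directives(haproxy_cfg)
    problems = []
    scopes = set(re.findall(r"^\[(\S+)\]\s*$", spoe_cfg, re.M))
    listed = {name for d in spoe if d[0] == "messages" for name in d[1:]}
    defined = {d[1] for d in spoe if d[0] == "spoe-message" and len(d) > 1}
    problems += [f"message '{n}' is listed but never defined" for n in sorted(listed - defined)]
    backends = {d[1] for d in hap if d[0] == "backend" and len(d) > 1}
    for d in spoe:
        if d[0] == "use-backend" and len(d) > 1 and d[1] not in backends:
            problems.append(f"use-backend '{d[1]}' has no backend in haproxy.cfg")
    for d in hap:
        if d[:3] == ["filter", "spoe", "engine"] and len(d) > 3 and d[3] not in scopes:
            problems.append(f"engine '{d[3]}' has no [{d[3]}] scope in the SPOE file")
    uses_lua = any("lua.crowdsec_handle" in d for d in hap)
    if uses_lua and not any(d[0] == "lua-load" for d in hap):
        problems.append("lua.crowdsec_handle is called but nothing is lua-loaded")
    return problems
```

To run it against a live setup, pass the contents of /etc/haproxy/crowdsec.cfg and /etc/haproxy/haproxy.cfg instead of the samples; `haproxy -c -f /etc/haproxy/haproxy.cfg` remains the authoritative syntax check.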
Installation with OPNsense
https://docs.crowdsec.net/docs/getting_started/install_crowdsec_opnsense/
https://blog.raspot.in/fr/blog/installation-et-configuration-de-crowdsec-sur-opnsense
Links