Skip to main content
Version: v1.2

Troubleshooting Guide

How to list banned IPs

cscli decisions list

How to unban an IP

cscli decisions delete -i x.x.x.x

I want to prevent Crowdsec from banning a given IP

Inspired from the existing default whitelist for private IP addresses, you can craft your own (and drop it in /etc/crowdsec/parsers/s01-parse/mywhitelist.yaml) :

name: crowdsecurity/mywhitelists
description: "Whitelist events from private ipv4 addresses"
whitelist:
reason: "private ipv4/ipv6 ip/ranges"
ip:
- "127.0.0.1"
- "::1"
cidr:
- "192.168.0.0/16"
- "10.0.0.0/8"
- "172.16.0.0/12"

Scenario XXX keeps triggering, it's a false positive

To avoid a specific scenario that is bothering you, you have several options :

  • set it in simulation mode : you will see the alerts, but no decisions will be applied
  • purely remove the scenario : it will be completely disabled

My bouncer doesn't start/work (common causes)

  1. Bouncer cannot connect to the local API
  • error message might look like:
level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 127.0.0.1:8080: connect: connection refused"
  • solution verify that the local API runs on the configured IP
  1. Bouncer cannot authenticate to the local API
  • error message might look like:
time="19-04-2022 15:43:07" level=error msg="API error: access forbidden"