Skip to main content

Apache

CrowdSec

📚 Documentation 💠 Hub 💬 Discourse

A Remediation Component for Apache.

warning

Beta Remediation Component, please report any issues on GitHub

How does it work ?

This component leverages Apache's module mecanism to provide IP address blocking capability.

The module supports Live mode with a local (in-memory) cache.

At the back, this component uses mod_proxy, mod_ssl for requests to LAPI, and mod_socache for the caching feature.

Installation

warning

Packages are only available for debian and ubuntu systems.

The module can be built and installed on other platform as well.

Please keep in mind that this bouncer only supports live mode.

Repository configuration

warning

Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages,

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-apache/script.deb.sh | sudo bash

Installation

sudo apt-get install crowdsec-apache2-bouncer

Configuration directives

The configuration file is stored in /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf by default.

Crowdsec

on|off

Enable or disable module globally:

  • off (default): Module has to be enabled per location.
  • on: Module is enabled by default.

Behavior can be overriden in any location.

CrowdsecFallback

fail|block|allow

How to respond if the Crowdsec API is not available:

  • fail returns a 500 Internal Server Error.
  • block returns a 302 Redirect (or 429 Too Many Requests if CrowdsecLocation is unset).
  • allow (default) will allow the request through.

CrowdsecBlockedHTTPCode

500|403|429

HTTP code to return when a request is blocked (default is 429).

CrowdsecLocation

Set to the URL to redirect to when the IP address is banned. As per RFC 7231 may be a path, or a full URL. For example: /sorry.html

CrowdsecURL

Set to the URL of the Crowdsec API. For example: http://localhost:8080.

CrowdsecAPIKey

Set to the API key of the Crowdsec API. Add an API key using 'cscli bouncers add'.

CrowdsecCache

Enable the crowdsec cache. Defaults to 'none'. Options detailed here: https://httpd.apache.org/docs/2.4/socache.html.

CrowdsecCacheTimeout

Set the crowdsec cache timeout. Defaults to 60 seconds.

Next steps

Overriding HTTP Response

If you want to return custom HTTP code and/or content, you can use CrowdsecLocation and RewriteRules :

CrowdsecLocation /one/
<Location /one/>
Crowdsec off
RewriteEngine On
RewriteRule .* - [R=403,L]
# Require all denied
ErrorDocument 403 "hell nooo"
</Location>