Apache
A Remediation Component for Apache.
How does it work?
This component leverages Apache's module mechanism to provide IP address blocking capability.
The module supports Live mode with a local (in-memory) cache.
Under the hood, this component uses mod_proxy and mod_ssl for requests to LAPI, and mod_socache for the caching feature.
Installation
- Debian/Ubuntu
- Others (build from source)
Repository configuration
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-apache/script.deb.sh | sudo bash
Installation
sudo apt-get install crowdsec-apache2-bouncer
Others (build from source): clone or download directly from our GitHub repository, then build and install:
aclocal
autoconf
autoheader
automake --add-missing
./configure
make
sudo make install
sudo cp config/mod_crowdsec.* /etc/apache2/mods-available/
sudo mkdir -p /etc/crowdsec/bouncers/
sudo cp ./config/crowdsec-apache2-bouncer.conf /etc/crowdsec/bouncers/
Initial Configuration
Enable the mod_crowdsec module:
sudo a2enmod mod_crowdsec
Generate an API key for the bouncer [1]:
sudo cscli bouncers add apache2
The Remediation Component's configuration is located in /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf:
## Replace the API key with the newly generated one [1]
CrowdsecAPIKey this_is_a_bad_password
sudo systemctl restart apache2
Configuration directives
The configuration file is stored in /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf by default.
Crowdsec
on|off
Enable or disable module globally:
- off (default): Module has to be enabled per location.
- on: Module is enabled by default.
Behavior can be overridden in any location.
CrowdsecFallback
fail|block|allow
How to respond if the Crowdsec API is not available:
- fail returns a 500 Internal Server Error.
- block returns a 302 Redirect (or 429 Too Many Requests if CrowdsecLocation is unset).
- allow (default) will allow the request through.
CrowdsecBlockedHTTPCode
500|403|429
HTTP code to return when a request is blocked (default is 429).
CrowdsecLocation
Set to the URL to redirect to when the IP address is banned. As per RFC 7231, this may be a path or a full URL. For example: /sorry.html
CrowdsecURL
Set to the URL of the Crowdsec API. For example: http://localhost:8080.
CrowdsecAPIKey
Set to the API key of the Crowdsec API. Add an API key using 'cscli bouncers add'.
CrowdsecCache
Enable the crowdsec cache. Defaults to 'none'. Options detailed here: https://httpd.apache.org/docs/2.4/socache.html.
CrowdsecCacheTimeout
Set the crowdsec cache timeout. Defaults to 60 seconds.
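The directive defaults above decide what happens before any tuning: the sample API key, a fail-open CrowdsecFallback, and a module that is off unless a location enables it. The following check is an added example, not part of the CrowdSec project; the parse_directives and audit helpers, the sample configurations, and the choice to flag plain http to a non-loopback CrowdsecURL are assumptions made for illustration.

```python
from urllib.parse import urlparse
PLACEHOLDER_KEY = "this_is_a_bad_password"  # sample key shown on this page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_directives(text):
    """Return {lowercased name: value} for directives outside <...> blocks."""
    conf, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth -= 1
        elif line.startswith("<"):
            depth += 1
        elif depth == 0:
            parts = line.split(None, 1)
            conf[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return conf

def audit(text):
    """List findings for the global settings of a bouncer configuration."""
    conf, findings = parse_directives(text), []
    if conf.get("crowdsecapikey", "") in ("", PLACEHOLDER_KEY):
        findings.append("CrowdsecAPIKey is unset or still the sample value")
    if conf.get("crowdsecfallback", "allow").lower() == "allow":
        findings.append("CrowdsecFallback is allow: requests pass while the API is unavailable")
    url = urlparse(conf.get("crowdsecurl", ""))
    if url.scheme == "http" and url.hostname not in LOOPBACK:
        findings.append("CrowdsecURL uses plain http to a non-loopback host")
    if conf.get("crowdsec", "off").lower() != "on":
        findings.append("Crowdsec is off globally: only locations that enable it are covered")
    return findings

# Constructed sample configurations (not taken from a real deployment).
SAMPLE = """CrowdsecURL http://10.0.0.5:8080
CrowdsecAPIKey this_is_a_bad_password
<Location /one/>
    Crowdsec off
</Location>
"""
TIGHTER = """Crowdsec on
CrowdsecURL http://127.0.0.1:8080
CrowdsecAPIKey constructed-example-key
CrowdsecFallback block
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Only directives outside container blocks are read, so a per-location "Crowdsec on" in a virtual host file still needs a manual look.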
Next steps
Overriding HTTP Response
If you want to return a custom HTTP code and/or content, you can use CrowdsecLocation and RewriteRules:
CrowdsecLocation /one/
<Location /one/>
Crowdsec off
RewriteEngine On
RewriteRule .* - [R=403,L]
# Require all denied
ErrorDocument 403 "hell nooo"
</Location>