pretecno/crowdsec-bouncer-traefik-plugin

mirror of https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin.git synced 2025-11-08 15:15:05 +01:00

Files

mathieuHa e6b10b8ac4 ⬆️ 📝 Update exemples and version traefik 3, crowdsec 1.6.1-2, plugin … (#160 )

* ⬆️ 📝 Update exemples and version traefik 3, crowdsec 1.6.1-2, plugin 1.3.0

* 📝 🐛 Fix race in exemple and doc for tls

2024-05-01 20:03:19 +02:00

acquis.yaml

✨ Add ban html template (#142 )

2024-04-03 17:58:18 +02:00

ban.html

✨ Add ban html template (#142 )

2024-04-03 17:58:18 +02:00

docker-compose.yml

⬆️ 📝 Update exemples and version traefik 3, crowdsec 1.6.1-2, plugin … (#160 )

2024-05-01 20:03:19 +02:00

image_decision_ban.png

✨ Add ban html template (#142 )

2024-04-03 17:58:18 +02:00

README.md

📝 Update typo on doc for ban custom page (#147 )

2024-04-05 09:30:49 +02:00

README.md

Example

Adding a custom ban page

Traefik can return a custom HTML ban page along with the 403 HTTP response code.
This can be usefull as some browser (Firefox for instance) return a 403 blank webpage and we can mistake a server/reverse-proxy error with a ban from Crowdsec.

Traefik configuration

  labels:
      # Define ban HTML file path
      - "traefik.http.middlewares.crowdsec.plugin.bouncer.banHtmlFilePath=/ban.html"

The ban HTML file must be present in the Traefik container (bind mounted or added during a custom build).
It is not directly accessible from Traefik even when importing the plugin, so download it locally to expose it to Traefik.

  ...
  traefik:
    image: "traefik:v2.11.0"
    volumes:
      - './ban.html:/ban.html'
  ...

We can try to query normally the whoami server:

curl http://localhost:8000/foo

We can try to ban ourself

docker exec crowdsec cscli decisions add --ip 10.0.0.20 -d 4h --type ban

We will see in the browser the ban custom page:

To play the demo environment run:

make run_custom_ban_page

README.md

Example

Adding a custom ban page

Traefik configuration

Exemple navigation