From 39b88b6b9608aa9c9a745a912da25d33e985e9e6 Mon Sep 17 00:00:00 2001 From: sabban Date: Tue, 28 Jan 2025 18:18:38 +0100 Subject: [PATCH 1/9] add documentaion for apache2 bouncer --- crowdsec-docs/unversioned/bouncers/apache.mdx | 32 +++++++++++++------ 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index ec0537d9b..1ff367b91 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -47,9 +47,9 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an :::warning -There is not yet publicly available packages or this Remediation Component. +Packages are only available for debian like systems. -We are providing ways to build your own while we're working on packaging. +THe module can be built and installed on other platform as well.. ::: @@ -57,17 +57,28 @@ Clone or download directly [from our GitHub repository](https://github.com/crowd - + + +### Repository configuration + +:::warning + +Please note that the reposiroty for this package is not the same as the one holding CrowdSec's binary packages ```bash -dpkg-buildpackage -us -uc -sudo dpkg -i ../crowdsec-apache2-bouncer_1.0.0_amd64.deb +curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash +``` + +### Installation + +```bash +sudo apt-get install crowdsec-apache2-bouncer ``` @@ -87,10 +98,6 @@ sudo mkdir -p /etc/crowdsec/bouncers/ sudo cp ./config/crowdsec-apache2-bouncer.conf /etc/crowdsec/bouncers/ ``` - - - - ### Initial Configuration Enable the mod_crowdsec module: @@ -121,6 +128,11 @@ If needed, edit `CrowdsecURL` (and other parameters) sudo systemctl restart apache2 ``` + + + + + ## Configuration directives ### `Crowdsec` From ad325a288524dead1ce3a2aa516da310662b7d4b Mon Sep 17 00:00:00 2001 From: sabban Date: Tue, 28 Jan 2025 20:19:28 +0100 Subject: [PATCH 2/9] typo fix --- crowdsec-docs/unversioned/bouncers/apache.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 1ff367b91..3099e4b55 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -59,7 +59,7 @@ Clone or download directly [from our GitHub repository](https://github.com/crowd @@ -69,7 +69,7 @@ Clone or download directly [from our GitHub repository](https://github.com/crowd :::warning -Please note that the reposiroty for this package is not the same as the one holding CrowdSec's binary packages +Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages ```bash curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash From f4a3e274e2cf8a721055f559ee9baf00d2911072 Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 29 Jan 2025 09:24:23 +0100 Subject: [PATCH 3/9] typo --- crowdsec-docs/unversioned/bouncers/apache.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 3099e4b55..24ab5816a 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -68,8 +68,8 @@ Clone or download directly [from our GitHub repository](https://github.com/crowd ### Repository configuration :::warning - Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages +::: ```bash curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash @@ -129,7 +129,6 @@ sudo systemctl restart apache2 ``` - From b52db0c7a6918095cdacd0afb695f7b037da98ed Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 29 Jan 2025 10:07:25 +0100 Subject: [PATCH 4/9] typo --- crowdsec-docs/unversioned/bouncers/apache.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 24ab5816a..83ca97adc 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -49,7 +49,7 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an Packages are only available for debian like systems. -THe module can be built and installed on other platform as well.. +The module can be built and installed on other platform as well.. ::: @@ -117,7 +117,6 @@ Remediation Component config's is located in `/etc/crowdsec/bouncers/crowdsec-ap ```bash ## Replace the API key with the newly generated one [1] CrowdsecAPIKey this_is_a_bad_password -... ``` :::info From ea492a3770b232bf5d24fad4c2b647c9e0c2387d Mon Sep 17 00:00:00 2001 From: sabban Date: Wed, 29 Jan 2025 10:38:42 +0100 Subject: [PATCH 5/9] this will have to be merged after adding apache bouncer to final release --- crowdsec-docs/unversioned/bouncers/apache.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 83ca97adc..59cb25cb5 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -47,7 +47,7 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an :::warning -Packages are only available for debian like systems. +Packages are only available for debian like systems and The module can be built and installed on other platform as well.. @@ -68,7 +68,7 @@ Clone or download directly [from our GitHub repository](https://github.com/crowd ### Repository configuration :::warning -Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages +Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages, ::: ```bash From 1dad4cf4c0520cf5f9063cc690b5ad4532baf72a Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 13 Feb 2025 16:33:10 +0100 Subject: [PATCH 6/9] typos --- crowdsec-docs/unversioned/bouncers/apache.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 59cb25cb5..8233e0754 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -49,7 +49,9 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an Packages are only available for debian like systems and -The module can be built and installed on other platform as well.. +The module can be built and installed on other platform as well. + +Please keep in mind that this bouncer only supports live mode. ::: @@ -72,7 +74,7 @@ Please note that the repository for this package is not the same as the one hold ::: ```bash -curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash +curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-apache/script.deb.sh | sudo bash ``` ### Installation From 115cf28b6eaa0287c65d2541425b88e973c31dc1 Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 13 Feb 2025 16:53:18 +0100 Subject: [PATCH 7/9] change fallback default --- crowdsec-docs/unversioned/bouncers/apache.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 8233e0754..53dd6518c 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -150,9 +150,9 @@ Behavior can be overriden in any location. > fail|block|allow How to respond if the Crowdsec API is not available: - - `fail` (**default**) returns a 500 Internal Server Error. + - `fail` returns a 500 Internal Server Error. - `block` returns a 302 Redirect (or 429 Too Many Requests if CrowdsecLocation is unset). - - `allow` will allow the request through. + - `allow` (**default**) will allow the request through. ### `CrowdsecBlockedHTTPCode` From cb00d9fea297eca79e4b3792505640c027315d8f Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 13 Feb 2025 17:04:32 +0100 Subject: [PATCH 8/9] typos thx @sbl --- crowdsec-docs/unversioned/bouncers/apache.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index 53dd6518c..e7f4497de 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -47,7 +47,7 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an :::warning -Packages are only available for debian like systems and +Packages are only available for debian and ubuntu systems. The module can be built and installed on other platform as well. @@ -55,9 +55,6 @@ Please keep in mind that this bouncer only supports live mode. ::: -Clone or download directly [from our GitHub repository](https://github.com/crowdsecurity/cs-apache2-bouncer). - - +Clone or download directly [from our GitHub repository](https://github.com/crowdsecurity/cs-apache2-bouncer). + ```bash aclocal autoconf From f2c72f27dd4aea504712f9eef6b0316013ec5b1a Mon Sep 17 00:00:00 2001 From: sabban Date: Thu, 13 Feb 2025 17:07:08 +0100 Subject: [PATCH 9/9] configuration files --- crowdsec-docs/unversioned/bouncers/apache.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crowdsec-docs/unversioned/bouncers/apache.mdx b/crowdsec-docs/unversioned/bouncers/apache.mdx index e7f4497de..fc42a1c98 100644 --- a/crowdsec-docs/unversioned/bouncers/apache.mdx +++ b/crowdsec-docs/unversioned/bouncers/apache.mdx @@ -134,6 +134,8 @@ sudo systemctl restart apache2 ## Configuration directives +The configuration file is stored in `/etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf` by default. + ### `Crowdsec` > on|off