We have much trouble, because Crowdsec blocks our own people.
is it possible to disable this for awhile to testing? We don, t like to deinstall!!
Thanks…
… But that are too much and everyday new IPs
And where do the many IPs come from? From your own internal network, or from the WWW? If from your own network / your own networks, just enter them in the approval list.
Reading the doc, I’d say you can temporary disable it by using:
systemctl stop crowdsec1
this needs much more analysis, else the answer of giacomo is good, stop crowdsec
you could have a webapp that could generate 40x http error code, you should comes here with the name of the jail and the code lines that you can find in journald that have triggered the jail
crowdsec does what is intended to do, find log lines and ban
Thanks to all answers,
After disabling Crowdsec we found that the connection from smartphones to our webservers 3…6 times a day were interrupted. Now we seek the reason…
Is it possible, that crowdsec this short interruptions misunderstood as attacks and that’s why banned this IP’s ???
if you enroll to the webconsole you can see from the website the cause of the ban, else everything will be done from cscli
podman exec -ti crowdsec1 cscli decisions list --all