Hub configuration

More info

cdn-whitelist Configuration

« cdn-whitelist »
v0.5 by crowdsecurity
Attack scenario

Whitelist CDN providers

Installation

cscli postoverflows install crowdsecurity/cdn-whitelist

Description

CDNs whitelist based on following lists:

https://www.cloudflare.com/ips-v4

It will whitelist overflows triggered on an IP in those lists

YAML Configuration

1name: crowdsecurity/cdn-whitelist
2description: "Whitelist CDN providers"
3whitelist:
4  reason: "CDN provider"
5  expression: 
6    - "any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
7    - "any(File('cloudflare_ip6s.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
8data:
9  - source_url: https://hub-data.crowdsec.net/whitelists/cdn_providers/cloudflare_ips.txt
10    dest_file: cloudflare_ips.txt
11    type: string
12  - source_url: https://hub-data.crowdsec.net/whitelists/cdn_providers/cloudflare_ip6s.txt
13    dest_file: cloudflare_ip6s.txt
14    type: string
15

Hub configuration

« cdn-whitelist »v0.5 by crowdsecurityAttack scenario

« cdn-whitelist »
v0.5 by crowdsecurity
Attack scenario