diff --git a/crowdsec-docs/docs/appsec/quickstart.md b/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
similarity index 50%
rename from crowdsec-docs/docs/appsec/quickstart.md
rename to crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
index eec10ba58..2cf6f5d3a 100644
--- a/crowdsec-docs/docs/appsec/quickstart.md
+++ b/crowdsec-docs/docs/appsec/quickstart/nginxopenresty.mdx
@@ -1,26 +1,48 @@
---
-id: quickstart
-title: CrowdSec WAF Quickstart
-sidebar_position: 2
+id: nginxopenresty
+title: Nginx / OpenResty
---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import CodeBlock from '@theme/CodeBlock';
+
+# CrowdSec WAF QuickStart for Nginx/OpenResty
+
## Objectives
-The goal of this quickstart is to set up the [AppSec Component](/appsec/intro.md#introduction) to safeguard web applications running on [Nginx](https://nginx.com). We'll deploy a [set of rules](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) designed to block [well-known attacks](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-generic-rules) and [currently exploited vulnerabilities](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching). Additionally, we'll show how to monitor these alerts through the [console](https://app.crowdsec.net/).
+The goal of this quickstart is to set up the [AppSec Component](/appsec/intro.md#introduction) to safeguard web applications running on [Nginx](https://nginx.com) or [OpenResty](https://openresty.org/en/).
+
+We'll deploy a [set of rules](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) designed to block [well-known attacks](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-generic-rules) and [currently exploited vulnerabilities](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching).
+
+Additionally, we'll show how to monitor these alerts through the [console](https://app.crowdsec.net/).
## Pre-requisites
1. If you're new to the [AppSec Component](/appsec/intro.md#introduction) or **W**eb **A**pplication **F**irewalls, start with the [Introduction](/appsec/intro.md#introduction) for a better understanding.
2. It's assumed that you have already installed:
- - **Crowdsec [Security Engine](/docs/next/intro)**: for installation, refer to the [QuickStart guide](/docs/getting_started/install_crowdsec). The AppSec Component, which analyzes HTTP requests, is included within the security engine.
- - One of the supported web servers (here: nginx) and its **[Remediation Component](/u/bouncers/intro)**: installation instructions are available in the [QuickStart guide](/u/bouncers/nginx). This component intercepts HTTP requests at the webserver or reverse-proxy level and forwards them to the AppSec Component for analysis and action.
+ - **CrowdSec [Security Engine](intro.mdx)**: for installation, refer to the [QuickStart guide](/u/getting_started/installation/linux). The AppSec Component, which analyzes HTTP requests, is included within the security engine as a [Acquisition](data_sources/appsec.md).
+ - One of the supported web servers for this guide:
+ - Nginx **[Remediation Component](/u/bouncers/intro)**: installation instructions are available in the [QuickStart guide](/u/bouncers/nginx).
+ - OpenResty **[Remediation Component](/u/bouncers/intro)**: installation instructions are available in the [QuickStart guide](/u/bouncers/openresty).
+
+ This component intercepts HTTP requests at the webserver or reverse-proxy level and forwards them to the AppSec Component for analysis and action.
+
+:::info
+The reason we provide Nginx and OpenResty in a single guide is that OpenResty is a web server based on Nginx just the configuration paths are different
+:::
## AppSec Component Setup
### Collection installation
-To begin setting up the AppSec Component, the initial step is to install a relevant set of rules. We will utilize the [`crowdsecurity/appsec-virtual-patching`](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) collection, which offers a wide range of rules aimed at identifying and preventing the exploitation of known vulnerabilities. This [collection](/concepts.md#collections) is regularly updated to include protection against newly discovered vulnerabilities. Upon installation, it receives automatic daily updates to ensure your protection is always current.
+To begin setting up the AppSec Component, the initial step is to install a relevant set of rules.
+
+We will utilize the [`crowdsecurity/appsec-virtual-patching`](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) collection, which offers a wide range of rules aimed at identifying and preventing the exploitation of known vulnerabilities.
+
+This [collection](/concepts.md#collections) is regularly updated to include protection against newly discovered vulnerabilities. Upon installation, it receives automatic daily updates to ensure your protection is always current.
Furthermore we also install the [`crowdsecurity/appsec-generic-rules`](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-generic-rules) collection. This collection contains detection scenarios for generic attack vectors. It provides some protection in cases where specific scenarios for vulnerabilities do not exist (yet).
On the machine where the Security Engine is installed, just execute the following command:
@@ -30,36 +52,42 @@ You can always view the content of a [collection on the hub](https://app.crowdse
:::
```
-sudo cscli collections install crowdsecurity/appsec-virtual-patching
-sudo cscli collections install crowdsecurity/appsec-generic-rules
+sudo cscli collections install crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
```
Executing this command will install the following items:
- The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped
-- The [*AppSec configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set
- The [*CrowdSec Parser*](/concepts.md#parsers) and [*CrowdSec Scenario(s)*](/concepts.md#scenarios) bans for a longer duration repeating offenders
-### Setup the acquisition
+### Setup the Acquisition
-Having installed the required components, it's time to configure the CrowdSec [Acquisition](/concepts.md#acquisition) to connect the Application Security Component with our Nginx web server. This configuration allows our Nginx server to send requests to the AppSec Component for evaluation and decision-making.
+Having installed the required components, it's time to configure the CrowdSec [Acquisition](/concepts.md#acquisition) to expose the Application Security Component to our web server. This configuration allows our Nginx/OpenResty server to send requests to the AppSec Component for evaluation and decision-making.
- - Create the `/etc/crowdsec/acquis.d/` directory with `mkdir -p /etc/crowdsec/acquis.d/` (if it doesn't exist on your machine)
- - Put the following content in `/etc/crowdsec/acquis.d/appsec.yaml` :
-
-```yaml title="/etc/crowdsec/acquis.d/appsec.yaml"
-appsec_config: crowdsecurity/appsec-default
-labels:
- type: appsec
-listen_addr: 127.0.0.1:7422
-source: appsec
-```
+Steps:
+ 1. Create the `/etc/crowdsec/acquis.d/` directory (if it doesn't exist on your machine)
+ ```
+ mkdir -p /etc/crowdsec/acquis.d/
+ ```
+ 2. Create a file `/etc/crowdsec/acquis.d/appsec.yaml` with the following content:
+ ```yaml title="/etc/crowdsec/acquis.d/appsec.yaml"
+ appsec_config: crowdsecurity/appsec-default
+ labels:
+ type: appsec
+ listen_addr: 127.0.0.1:7422
+ source: appsec
+ ```
The two important directives in this configuration file are:
- - `appsec_config` is the name of the [*AppSec configuration*](/appsec/configuration.md#appsec-configuration) that was included in the [collection](/concepts.md#colleccollectionstion) we just installed.
+ - `appsec_config` is the name of the [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) that was included in the [Collection](/concepts.md#colleccollectionstion) we just installed.
- the `listen_addr` is the IP and port the AppSec Component will listen to.
+:::warning
+We do not recommend exposing the AppSec Component to the internet. It should only be accessible from the web server or reverse proxy.
+:::
+
:::info
You can find more about the [supported options for the acquisition here](/data_sources/appsec.md)
:::
@@ -70,8 +98,51 @@ You can now restart CrowdSec:
sudo systemctl restart crowdsec
```
+#### Testing the AppSec Component
+
+##### Verify the AppSec Component is listening
+
+To verify that the AppSec Component is running correctly, we can first check that the port `7422` is open and listening:
+
+:::note
+If you have changed the port in the configuration file, replace `7422` with the new port number.
+:::
+
+
+
+
+ sudo netstat -tlpn | grep 7422
+
+
+
+ sudo ss -tlpn | grep 7422
+
+
+
- (Optional) Manually testing the AppSec Component with `curl`
+
+Output example
+
+```bash
+tcp 0 0 127.0.0.1:7422 0.0.0.0:* LISTEN 12345/crowdsec
+```
+
+:::note
+The output may look differently depending on which command you used but as long as you see the port and the process `crowdsec`, it means the AppSec Component is running.
+:::
+
+
+
+##### (Optional) Manually testing the AppSec Component with `curl`
+
+
+ Expand for short guide
Before we proceed with configuring the Remediation Component, let's verify that all our current setups are functioning correctly.
@@ -133,24 +204,22 @@ sudo cscli bouncers delete test_waf
-
## Remediation Component Setup
-With our AppSec Component active within CrowdSec, it's time to configure the remediation component to forward requests to it.
+Since our AppSec Component is active and listening, we can now configure the Remediation Component to forward requests to it.
-:::info
-Different Remediation Components may offer various options for this setup, so consult the documentation for your specific component.
-:::
+To setup forwarding of requests in the remediation component, we'll modify its configuration file and append the following line:
-To setup forwarding of requests in the Nginx remediation component, we'll modify its configuration file (`/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf`) by adding the following entries:
+- `Nginx`: `/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf`
+- `OpenResty`: `/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf`
-```bash title="/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf"
+```bash
APPSEC_URL=http://127.0.0.1:7422
```
+This instructs the remediation component to communicate with the AppSec Component at `http://127.0.0.1:7422`.
-
-This instructs our Nginx plugin (the remediation component) to communicate with the AppSec Component at `http://127.0.0.1:7422`. Once configured, all incoming HTTP requests will be sent there for analysis. The snippet above assumes that the AppSec Component is running on the same machine.
+Once configured, all incoming HTTP requests will be sent there for analysis. The snippet above assumes that the AppSec Component is running on the same machine.
We can now restart the service:
@@ -158,27 +227,24 @@ We can now restart the service:
sudo systemctl restart nginx
```
-### Testing the AppSec Component + Nginx
+## Testing the AppSec Component + Remediation Component
:::note
-We're assuming Nginx is installed on the same machine and is listening on port 80. Please adjust your testing accordingly if this is not the case.
+We're assuming the web server is installed on the same machine and is listening on port 80. Please adjust your testing accordingly if this is not the case.
:::
-if now try to access `http://localhost/.env` from a browser, our If you now attempt to access `http://localhost/.env` from a browser, your request will be blocked, resulting in the display of the following HTML page: will be blocked, and we will see the following HTML page:
+if you try to access `http://localhost/.env` from a browser, your request will be blocked, resulting in the display of the following HTML page:
-We can also look at the metrics from `cscli metrics`. Amongst other things, it will show:
+We can also look at the metrics from `cscli metrics show appsec` it will display:
- the number of requests processed by the AppSec Component
- Individual rule matches
-
- cscli metrics output example
+
+ Example Output
-```bash
-▶ sudo cscli metrics
-
-...
+```bash title="sudo cscli metrics show appsec"
Appsec Metrics:
╭─────────────────┬───────────┬─────────╮
│ Appsec Engine │ Processed │ Blocked │
@@ -192,32 +258,29 @@ Appsec '127.0.0.1:7422/' Rules Metrics:
├─────────────────────────────────┼───────────┤
│ crowdsecurity/vpatch-env-access │ 1 │
╰─────────────────────────────────┴───────────╯
-
```
-
+
### Explanation
What happened in the test that we just did is:
- 1. We did a request (`localhost/.env`) to our local nginx webserver
- 2. Nginx, thanks to the Remediation Component configuration, forwarded the request to `http://127.0.0.1:7422`
+ 1. We did a request (`localhost/.env`) to our local webserver
+ 2. Thanks to the Remediation Component configuration, forwarded the request to `http://127.0.0.1:7422`
3. Our AppSec Component, listening on `http://127.0.0.1:7422` analyzed the request
4. The request matches the [AppSec rule to detect .env access](https://app.crowdsec.net/hub/author/crowdsecurity/appsec-rules/vpatch-env-access)
- 5. The AppSec Component thus answered with [HTTP 403](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403) to Nginx, indicating that the request must be blocked
- 6. Nginx presented us with the default "request blocked" page provided by the Remediation Component
+ 5. The AppSec Component thus answered with [HTTP 403](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403) to the Remediation Component, indicating that the request must be blocked
+ 6. The web server then presented us with the default "request blocked" page.
-## Integration with the console
+ ## Integration with the console
-
-If you haven't yet, follow the guide about [how to enroll your Security Engine in the console](/docs/getting_started/install_crowdsec).
+If you haven't yet, follow the guide about [how to enroll your Security Engine in the console](/u/getting_started/post_installation/console).
Once done, all your alerts, including the ones generated by the AppSec Component, are going to appear in the console:
-
## Next steps
You are now running the AppSec Component on your Crowdsec Security Engine, congrats!
@@ -225,4 +288,4 @@ You are now running the AppSec Component on your Crowdsec Security Engine, congr
As the next steps, you can:
- [Explore the hub](https://hub.crowdsec.net) to find more rules for your use case
- Look at the [Rules syntax](/appsec/rules_syntax.md) and [creation process](/appsec/create_rules.md) to create your own and contribute
- - Take a look at [the benchmarks](/appsec/benchmark.md)
\ No newline at end of file
+ - Take a look at [the benchmarks](/appsec/benchmark.md)
diff --git a/crowdsec-docs/docs/appsec/quickstart/traefik.mdx b/crowdsec-docs/docs/appsec/quickstart/traefik.mdx
new file mode 100644
index 000000000..913c7c58b
--- /dev/null
+++ b/crowdsec-docs/docs/appsec/quickstart/traefik.mdx
@@ -0,0 +1,265 @@
+---
+id: traefik
+title: Traefik
+---
+
+import FormattedTabs from '@site/src/components/FormattedTabs';
+
+# CrowdSec WAF QuickStart for Traefik
+
+## Objectives
+
+The goal of this quickstart is to set up the [AppSec Component](/appsec/intro.md#introduction) to safeguard web applications running on [Traefik](https://doc.traefik.io/traefik/) reverse proxy.
+
+We'll deploy a [set of rules](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) designed to block [well-known attacks](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-generic-rules) and [currently exploited vulnerabilities](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching).
+
+Additionally, we'll show how to monitor these alerts through the [console](https://app.crowdsec.net/).
+
+## Pre-requisites
+
+1. If you're new to the [AppSec Component](/appsec/intro.md#introduction) or **W**eb **A**pplication **F**irewalls, start with the [Introduction](/appsec/intro.md#introduction) for a better understanding.
+
+2. It's assumed that you have already installed:
+ - **CrowdSec [Security Engine](intro.mdx)**: for installation, refer to the [QuickStart guide](/u/getting_started/installation/linux). The AppSec Component, which analyzes HTTP requests, is included within the security engine as a [Acquisition](data_sources/appsec.md).
+ - Traefik Plugin **[Remediation Component](/u/bouncers/intro)**: Thanks to [maxlerebourg](https://github.com/maxlerebourg) and team they created a [Traefik Plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) that allows you to block requests directly from Traefik.
+
+:::info
+Prior to starting the guide ensure you are using the [Traefik Plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and **NOT** the older [traefik-crowdsec-bouncer](https://app.crowdsec.net/hub/author/fbonalair/remediation-components/traefik-crowdsec-bouncer) as it hasnt recieved updates to use the new AppSec Component.
+:::
+
+:::warning
+This guide will assume you already have a working Traefik setup using the Traefik Plugin. If you need help setting up Traefik, refer to the [official documentation](https://doc.traefik.io/traefik/) and the [Traefik Plugin](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) documentation.
+:::
+
+## AppSec Component Setup
+
+### Collection installation
+
+To begin setting up the AppSec Component, the initial step is to install a relevant set of rules.
+
+We will utilize the [crowdsecurity/appsec-virtual-patching](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching) collection, which offers a wide range of rules aimed at identifying and preventing the exploitation of known vulnerabilities.
+
+This [collection](/concepts.md#collections) is regularly updated to include protection against newly discovered vulnerabilities. Upon installation, it receives automatic daily updates to ensure your protection is always current.
+
+Furthermore we also install the [crowdsecurity/appsec-generic-rules](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-generic-rules) collection. This collection contains detection scenarios for generic attack vectors. It provides some protection in cases where specific scenarios for vulnerabilities do not exist (yet).
+
+On the machine where the Security Engine is installed, just execute the following command:
+
+:::info
+You can always view the content of a [collection on the hub](https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching)
+:::
+
+
+
+Executing this command or updating the compose will install the following items:
+
+- The [*AppSec Rules*](/appsec/rules_syntax.md) contain the definition of malevolent requests to be matched and stopped.
+- The [*AppSec Configuration*](/appsec/configuration.md#appsec-configuration) links together a set of rules to provide a coherent set.
+- The [*CrowdSec Parser*](/concepts.md#parsers) and [*CrowdSec Scenario(s)*](/concepts.md#scenarios) are used to detect and remediate persistent attacks.
+
+Once you have updated your compose or installed via the command line, will we need to restart the container. However, before we do that, we need to setup the acquisition for the AppSec Component.
+
+### Setup the Acquisition
+
+Depending on how you are running the CrowdSec Security Engine, you will need to configure the acquisition for the AppSec Component.
+
+If you have a folder in which you are persisting the configuration files, you can create a `appsec.yaml` and mount it into the container.
+
+There steps will change depending on how you are running the Security Engine. If you are running via `docker run` then you should launch the container within the same directory as the `appsec.yaml` file. If you are using `docker-compose` you can use a relative file mount to mount the `appsec.yaml` file.
+
+Steps:
+ 1. Change to the location where you exectued the `docker run` or `docker compose` command.
+ 2. Create a `appsec.yaml` file at the base of the directory.
+ 3. Add the following content to the `appsec.yaml` file.
+
+```yaml title="appsec.yaml"
+appsec_config: crowdsecurity/appsec-default
+labels:
+ type: appsec
+listen_addr: 0.0.0.0:7422
+source: appsec
+```
+:::note
+Since CrowdSec is running inside a container you must set the `listen_addr` to `0.0.0.0` instead of the typical `127.0.0.1` as the container is running in a separate network.
+:::
+
+ 4. Edit the `docker run` or `docker-compose` command to include the `appsec.yaml` file.
+
+
+
+Once you have created the `appsec.yaml` file and mounted it into the container, you can recreate the container.
+
+:::note
+If you are using `docker run` you can skip to the [Remediation Component Setup](#remediation-component-setup) section.
+:::
+
+Once you have updated the compose file to include the volume mount and the updated environment variable, you can restart the container.
+
+```bash
+docker compose down crowdsec
+docker compose rm crowdsec
+docker compose up -d crowdsec
+```
+
+:::note
+The previous compose commands presume the container is named `crowdsec`. If you have named the container something else, you will need to replace `crowdsec` with the name of your container.
+:::
+
+## Remediation Component Setup
+
+As stated previously this guide already presumes you have the Traefik Plugin installed. If you do not have the Traefik Plugin installed, please refer to the [official documentation](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) for installation instructions.
+
+### Configuration
+
+Depending on how you configured the Traefik Plugin, you will need to update the configuration to include the AppSec configuration.
+
+:::warning
+Currently AppSec does not support mTLS authentication for the AppSec Component. If you have mTLS enabled, and wish to use the AppSec Component, you can define seperate middlewares for the AppSec Component.
+:::
+
+If you have defined a dynamic configuration file for Traefik, you can add the following configuration to the file.
+
+```yaml title="traefik_dynamic.yaml"
+# Dynamic configuration
+http:
+ routers:
+ my-router:
+ rule: host(`whoami.localhost`)
+ service: service-foo
+ entryPoints:
+ - web
+ middlewares:
+ - crowdsec
+
+ services:
+ service-foo:
+ loadBalancer:
+ servers:
+ - url: http://127.0.0.1:5000
+
+ middlewares:
+ crowdsec:
+ plugin:
+ bouncer:
+ crowdsecAppsecEnabled: true
+ crowdsecAppsecHost: crowdsec:7422
+ crowdsecAppsecFailureBlock: true
+ crowdsecAppsecUnreachableBlock: true
+ crowdsecLapiKey: privateKey-foo
+```
+
+Instead if you define the configuration using labels on the containers you can add the following labels to the Traefik Plugin container.
+
+```yaml
+ labels:
+ - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdsecAppsecEnabled=true"
+ - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdsecAppsecHost=crowdsec:7422"
+ - "traefik.http.middlewares.crowdsec-bar.plugin.bouncer.crowdsecLapiKey=privateKey-foo"
+```
+
+For more comprehensive documentation on the Traefik Plugin configuration, please refer to the [official documentation](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin).
+
+We can't cover all the possible configurations for Traefik in this guide, so please refer to the [official documentation](https://doc.traefik.io/traefik/) for more information.
+
+### Directives
+
+The following directives are available for the Traefik Plugin:
+
+#### `crowdsecAppsecEnabled`
+> `bool`
+
+Enable or disable the AppSec Component.
+
+#### `crowdsecAppsecHost`
+> `string`
+
+The host and port where the AppSec Component is running.
+
+#### `crowdsecAppsecFailureBlock`
+> `bool`
+
+If the AppSec Component returns `500` status code should the request be blocked.
+
+#### `crowdsecAppsecUnreachableBlock`
+> `bool`
+
+If the AppSec Component is unreachable should the request be blocked.
+
+## Testing the AppSec Component + Remediation Component
+
+:::note
+We're assuming the web server is installed on the same machine and is listening on port 80. Please adjust your testing accordingly if this is not the case.
+:::
+
+if you try to access `http://localhost/.env` from a browser, your request will be blocked, resulting in the display of the following HTML page:
+
+
+
+We can also look at the metrics from `cscli metrics show appsec` it will display:
+ - the number of requests processed by the AppSec Component
+ - Individual rule matches
+
+
+ Example Output
+
+```bash title="sudo cscli metrics show appsec"
+Appsec Metrics:
+╭─────────────────┬───────────┬─────────╮
+│ Appsec Engine │ Processed │ Blocked │
+├─────────────────┼───────────┼─────────┤
+│ 127.0.0.1:7422/ │ 2 │ 1 │
+╰─────────────────┴───────────┴─────────╯
+
+Appsec '127.0.0.1:7422/' Rules Metrics:
+╭─────────────────────────────────┬───────────╮
+│ Rule ID │ Triggered │
+├─────────────────────────────────┼───────────┤
+│ crowdsecurity/vpatch-env-access │ 1 │
+╰─────────────────────────────────┴───────────╯
+```
+
+
+
+### Explanation
+
+What happened in the test that we just did is:
+
+ 1. We did a request (`localhost/.env`) to our local webserver
+ 2. Thanks to the Remediation Component configuration, forwarded the request to `http://127.0.0.1:7422`
+ 3. Our AppSec Component, listening on `http://127.0.0.1:7422` analyzed the request
+ 4. The request matches the [AppSec rule to detect .env access](https://app.crowdsec.net/hub/author/crowdsecurity/appsec-rules/vpatch-env-access)
+ 5. The AppSec Component thus answered with [HTTP 403](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403) to the Remediation Component, indicating that the request must be blocked
+ 6. The web server then presented us with the default "request blocked" page.
+
+ ## Integration with the console
+
+If you haven't yet, follow the guide about [how to enroll your Security Engine in the console](/u/getting_started/post_installation/console).
+
+Once done, all your alerts, including the ones generated by the AppSec Component, are going to appear in the console:
+
+
+
+## Next steps
+
+You are now running the AppSec Component on your Crowdsec Security Engine, congrats!
+
+As the next steps, you can:
+ - [Explore the hub](https://hub.crowdsec.net) to find more rules for your use case
+ - Look at the [Rules syntax](/appsec/rules_syntax.md) and [creation process](/appsec/create_rules.md) to create your own and contribute
+ - Take a look at [the benchmarks](/appsec/benchmark.md)
diff --git a/crowdsec-docs/sidebars.js b/crowdsec-docs/sidebars.js
index 2a5b0bf2a..bb18ba3a2 100644
--- a/crowdsec-docs/sidebars.js
+++ b/crowdsec-docs/sidebars.js
@@ -750,8 +750,16 @@
],
appSecSideBar : [
{ type: "doc", id: "appsec/intro", label: "CrowdSec WAF"},
- { type: "doc", id: "appsec/quickstart", label: "Quickstart"},
- { type: "doc", id: "appsec/configuration", label: "Configuration Files"},
+ {
+ type: "category",
+ label: "Quickstart",
+ items: [
+ { type: "doc", id: "appsec/quickstart/nginxopenresty"},
+ { type: "doc", id: "appsec/quickstart/traefik"}
+ ]
+
+ },
+ { type: "doc", id: "appsec/configuration"},
{
type: "category",
label: "Rules & Scenarios",
diff --git a/crowdsec-docs/src/components/FormattedTabs.js b/crowdsec-docs/src/components/FormattedTabs.js
new file mode 100644
index 000000000..e88155d9d
--- /dev/null
+++ b/crowdsec-docs/src/components/FormattedTabs.js
@@ -0,0 +1,155 @@
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
+import CodeBlock from "@theme/CodeBlock"
+import {
+ cibKubernetes,
+ cibLinux,
+ cibWindows,
+ cibPowershell,
+ cilShortText,
+ cibDocker,
+ cilDollar,
+} from "@coreui/icons"
+/*
+ * This component is used to display code snippets for both Unix and Windows operating systems.
+ * It uses the Docusaurus Tabs component to display the code snippets for both operating systems.
+ * The component takes in three props: bash, powershell, and cmd.
+ * The bash prop is used to display the code snippet for Unix operating systems.
+ * The powershell prop is used to display the code snippet for Windows Powershell.
+ * The cmd prop is used to display the code snippet for Windows Command Prompt.
+ */
+export default function FormattedTabs({ ...props }) {
+ const values = []
+ let defaultValue = ""
+
+ if (props.bash !== undefined) {
+ defaultValue = "nix"
+ values.push({ label: "Linux/Freebsd", value: "nix", icon: cibLinux })
+ }
+ if (props.powershell !== undefined) {
+ if (defaultValue === "") {
+ defaultValue = "windows"
+ }
+ values.push({ label: "Windows", value: "windows", icon: cibWindows })
+ }
+
+ if (props.docker !== undefined || props.dockerCompose !== undefined) {
+ if (defaultValue === "") {
+ defaultValue = "docker"
+ }
+ values.push({ label: "Docker", value: "docker", icon: cibDocker })
+ }
+
+ if (props.k8s !== undefined || props.yaml !== undefined) {
+ if (defaultValue === "") {
+ defaultValue = "kubernetes"
+ }
+ values.push({
+ label: "Kubernetes",
+ value: "kubernetes",
+ icon: cibKubernetes,
+ })
+ }
+
+ return (
+
+
+ {props.bash}
+
+
+ {props.cmd === undefined && props.powershell !== undefined ? (
+
+ {props.powershell}
+
+ ) : null}
+ {props.cmd !== undefined && props.powershell === undefined ? (
+ {props.cmd}
+ ) : null}
+ {props.cmd !== undefined && props.powershell !== undefined ? (
+
+
+
+ {props.powershell}
+
+
+
+
+ {props.cmd}
+
+
+
+ ) : null}
+
+
+ {props.docker !== undefined &&
+ props.dockerCompose === undefined ? (
+
+ {props.docker}
+
+ ) : null}
+
+ {props.dockerCompose !== undefined && props.docker === undefined ? (
+ {props.dockerCompose}
+ ) : null}
+
+ {props.dockerCompose !== undefined &&
+ props.docker !== undefined ? (
+
+
+
+ {props.docker}
+
+
+
+
+ {props.dockerCompose}
+
+
+
+ ) : null}
+
+
+ {props.yaml !== undefined ? (
+ {props.yaml}
+ ) : null}
+ {props.k8s !== undefined ? (
+ {props.k8s}
+ ) : null}
+
+
+ )
+}
diff --git a/crowdsec-docs/src/components/UnixWindowsK8sTabs.js b/crowdsec-docs/src/components/UnixWindowsK8sTabs.js
deleted file mode 100644
index f9c3b3e7f..000000000
--- a/crowdsec-docs/src/components/UnixWindowsK8sTabs.js
+++ /dev/null
@@ -1,79 +0,0 @@
-import Tabs from "@theme/Tabs";
-import TabItem from "@theme/TabItem";
-import CodeBlock from "@theme/CodeBlock";
-import {
-cibKubernetes,
-cibLinux,
-cibWindows,
-cibPowershell,
-cilShortText,
-} from "@coreui/icons";
-/*
- * This component is used to display code snippets for both Unix and Windows operating systems.
- * It uses the Docusaurus Tabs component to display the code snippets for both operating systems.
- * The component takes in three props: bash, powershell, and cmd.
- * The bash prop is used to display the code snippet for Unix operating systems.
- * The powershell prop is used to display the code snippet for Windows Powershell.
- * The cmd prop is used to display the code snippet for Windows Command Prompt.
- */
-export default function UnixWindowsK8sTabs({ ...props }) {
- return (
-
-
- {props.bash}
-
-
- {props.cmd === undefined && props.powershell === undefined ? (
-
- ) : null}
- {props.yaml !== undefined ? (
-
- {props.yaml}
-
- ) : null}
- {props.k8s !== undefined ? (
- {props.k8s}
- ) : null}
-
-
- );
-}
diff --git a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
index 9cc1612b7..5155fbac8 100644
--- a/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
+++ b/crowdsec-docs/unversioned/getting_started/post_installation/acquisition_new.mdx
@@ -9,7 +9,7 @@ pagination_next: getting_started/post_installation/profiles
We will be adding a [file based acquisition](/docs/next/data_sources/file). If you need to use a different source then alter the instructions to match your needs.
:::
-import UnixWindowsK8sTabs from '../../../src/components/UnixWindowsK8sTabs';
+import FormattedTabs from '@site/src/components/FormattedTabs';
Once you have found service you want to add, you can use the `cscli` command line tool to add the collection.
@@ -18,7 +18,7 @@ Once you have found service you want to add, you can use the `cscli` command lin
You can view the available collections on the [Hub](https://hub.crowdsec.net/).
:::
-
@@ -51,7 +51,7 @@ By default Remediation components will log to the following locations depending
You can use the os related commands to filter the logs to only show errors.
-