Skip to content

add documentaion for apache2 bouncer #726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Feb 13, 2025
Merged

add documentaion for apache2 bouncer #726

Changes from 9 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
39b88b6
add documentaion for apache2 bouncer
sabban Jan 28, 2025
ad325a2
typo fix
sabban Jan 28, 2025
f4a3e27
typo
sabban Jan 29, 2025
b52db0c
typo
sabban Jan 29, 2025
ea492a3
this will have to be merged after adding apache bouncer to final release
sabban Jan 29, 2025
1dad4cf
typos
sabban Feb 13, 2025
e63a0b3
Merge branch 'main' into packaging/apache2
sabban Feb 13, 2025
115cf28
change fallback default
sabban Feb 13, 2025
96b2018
Merge branch 'packaging/apache2' of github.com:crowdsecurity/crowdsec…
sabban Feb 13, 2025
cb00d9f
typos thx @sbl
sabban Feb 13, 2025
f2c72f2
configuration files
sabban Feb 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 26 additions & 14 deletions crowdsec-docs/unversioned/bouncers/apache.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,27 +47,40 @@ At the back, this component uses `mod_proxy`, `mod_ssl` for requests to LAPI, an

:::warning

There is not yet publicly available packages or this Remediation Component.
Packages are only available for debian like systems and
Copy link
Member

@blotus blotus Feb 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional and or sentence is not finished.


We are providing ways to build your own while we're working on packaging.
The module can be built and installed on other platform as well.

Please keep in mind that this bouncer only supports live mode.

:::

Clone or download directly [from our GitHub repository](https://github.com/crowdsecurity/cs-apache2-bouncer).
Copy link
Member

@blotus blotus Feb 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably be in the Others tab ?



<Tabs
defaultValue="nginx_debian"
defaultValue="apache_debian"
values={[
{ label: 'Debian/Ubuntu', value: 'nginx_debian' ,},
{ label: 'Debian/Ubuntu', value: 'apache_debian' ,},
{ label: 'Others (build from source)', value: 'others' ,},
]
}>
<TabItem value="nginx_debian">
<TabItem value="apache_debian">

### Repository configuration

:::warning
Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages,
:::

```bash
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-apache/script.deb.sh | sudo bash
```

### Installation

```bash
dpkg-buildpackage -us -uc
sudo dpkg -i ../crowdsec-apache2-bouncer_1.0.0_amd64.deb
sudo apt-get install crowdsec-apache2-bouncer
```

</TabItem>
Expand All @@ -87,10 +100,6 @@ sudo mkdir -p /etc/crowdsec/bouncers/
sudo cp ./config/crowdsec-apache2-bouncer.conf /etc/crowdsec/bouncers/
```

</TabItem>

</Tabs>

### Initial Configuration

Enable the mod_crowdsec module:
Expand All @@ -110,7 +119,6 @@ Remediation Component config's is located in `/etc/crowdsec/bouncers/crowdsec-ap
```bash
## Replace the API key with the newly generated one [1]
CrowdsecAPIKey this_is_a_bad_password
...
```

:::info
Expand All @@ -121,6 +129,10 @@ If needed, edit `CrowdsecURL` (and other parameters)
sudo systemctl restart apache2
```

</TabItem>
</Tabs>


## Configuration directives

### `Crowdsec`
Expand All @@ -138,9 +150,9 @@ Behavior can be overriden in any location.
> fail|block|allow

How to respond if the Crowdsec API is not available:
- `fail` (**default**) returns a 500 Internal Server Error.
- `fail` returns a 500 Internal Server Error.
- `block` returns a 302 Redirect (or 429 Too Many Requests if CrowdsecLocation is unset).
- `allow` will allow the request through.
- `allow` (**default**) will allow the request through.

### `CrowdsecBlockedHTTPCode`

Expand Down