Skip to main content
Security Engine version:
Version: v1.7

FQDN

info

FQDN lookups can cause latency. We recommend using them only in the Postoverflow whitelist stage. See introduction for your OS-specific path.

Create a whitelist by fully qualified domain name

If you need to whitelist a fully qualified domain name (FQDN), for example foo.com, create a whitelist file like this:

Create FQDN-whitelists.yaml in your whitelist directory (see introduction for your OS-specific path):

YAML
name: "my/fqdn-whitelists" ## Must be unique
description: "Whitelist postoverflows by FQDN"
whitelist:
  reason: "whitelist by FQDN"
  expression:
    - evt.Overflow.Alert.Source.IP in LookupHost("foo.com")
    - evt.Overflow.Alert.Source.IP in LookupHost("foo.foo.org")
    - evt.Overflow.Alert.Source.IP in LookupHost("12123564.org")

Then reload CrowdSec:

Reload CrowdSec
SHReload CrowdSec
sudo systemctl reload crowdsec
CrowdSec Docs
We use cookies

This site uses cookies to help us improve your experience. You can accept or decline below.