Apache
A Remediation Component for Apache.
Beta Remediation Component, please report any issues on GitHub
How does it work?
This component leverages Apache's module mechanism to provide IP address blocking capability.
The module supports Live mode with a local (in-memory) cache.
Behind the scenes, this component uses mod_proxy and mod_ssl for requests to LAPI, and mod_socache for the caching feature.
Installation
Packages are only available for Debian and Ubuntu systems.
The module can be built and installed on other platforms as well.
Please keep in mind that this bouncer only supports live mode.
- Debian/Ubuntu
- Others (build from source)
Repository configuration
Please note that the repository for this package is not the same as the one holding CrowdSec's binary packages:
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-apache/script.deb.sh | sudo bash
Installation
sudo apt-get install crowdsec-apache2-bouncer
Clone or download directly from our GitHub repository.
aclocal
autoconf
autoheader
automake --add-missing
./configure
make
sudo make install
sudo cp config/mod_crowdsec.* /etc/apache2/mods-available/
sudo mkdir -p /etc/crowdsec/bouncers/
sudo cp ./config/crowdsec-apache2-bouncer.conf /etc/crowdsec/bouncers/
Initial Configuration
Enable the mod_crowdsec module:
sudo a2enmod mod_crowdsec
Generate an API key for the bouncer [1]:
sudo cscli bouncers add apache2
The Remediation Component's configuration is located in /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf:
## Replace the API key with the newly generated one [1]
CrowdsecAPIKey this_is_a_bad_password
If needed, edit CrowdsecURL (and other parameters), then restart Apache:
sudo systemctl restart apache2
Configuration directives
The configuration file is stored in /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf by default.
Crowdsec
on|off
Enable or disable module globally:
- off (default): Module has to be enabled per location.
- on: Module is enabled by default.
Behavior can be overridden in any location.
CrowdsecFallback
fail|block|allow
How to respond if the Crowdsec API is not available:
- fail returns a 500 Internal Server Error.
- block returns a 302 Redirect (or 429 Too Many Requests if CrowdsecLocation is unset).
- allow (default) will allow the request through.
CrowdsecBlockedHTTPCode
500|403|429
HTTP code to return when a request is blocked (default is 429).
CrowdsecLocation
Set to the URL to redirect to when the IP address is banned. As per RFC 7231, this may be a path or a full URL. For example: /sorry.html
CrowdsecURL
Set to the URL of the Crowdsec API. For example: http://localhost:8080.
CrowdsecAPIKey
Set to the API key of the Crowdsec API. Add an API key using 'cscli bouncers add'.
CrowdsecCache
Enable the crowdsec cache. Defaults to 'none'. Options detailed here: https://httpd.apache.org/docs/2.4/socache.html.
CrowdsecCacheTimeout
Set the crowdsec cache timeout. Defaults to 60 seconds.
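A pre-deployment check for the directives above, as an added example that is not part of the CrowdSec project: it flags the placeholder API key, the fail-open CrowdsecFallback default and the CrowdsecCache 'none' default. The function names and finding labels are assumptions of this example, and it reads only the last occurrence of each directive, ignoring <Location> scoping.

```shell
#!/usr/bin/env bash
# Added example, not CrowdSec code: review a mod_crowdsec config before go-live.
# Simplification: the last occurrence of a directive wins; <Location> scoping is ignored.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
# Apache directive names are case-insensitive, so compare in lower case.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Hypothetical helper: print one finding per line, print nothing if the file is clean.
audit_bouncer_conf() {
    local conf="$1" key fallback cache
    key=$(directive_value "$conf" CrowdsecAPIKey)
    fallback=$(directive_value "$conf" CrowdsecFallback)
    cache=$(directive_value "$conf" CrowdsecCache)

    # The shipped config carries a placeholder key that must be replaced.
    if [ -z "$key" ] || [ "$key" = "this_is_a_bad_password" ]; then
        echo "API_KEY: CrowdsecAPIKey is unset or still the placeholder"
    fi
    # 'allow' is the documented default: requests pass while LAPI is unavailable.
    case "${fallback:-allow}" in
        allow)      echo "FALLBACK: fail-open (allow) when LAPI is unavailable" ;;
        fail|block) ;;
        *)          echo "FALLBACK: '$fallback' is not one of fail|block|allow" ;;
    esac
    # 'none' is the documented default: no socache provider, so nothing is cached.
    if [ "${cache:-none}" = "none" ]; then
        echo "CACHE: CrowdsecCache is 'none'; decisions are not cached"
    fi
    return 0
}

# Constructed sample input: placeholder key, every other directive left at its default.
demo() {
    local sample
    sample=$(mktemp)
    printf '%s\n' '## Replace the API key with the newly generated one' \
        'CrowdsecAPIKey this_is_a_bad_password' \
        'CrowdsecURL http://localhost:8080' > "$sample"
    audit_bouncer_conf "$sample"
    rm -f "$sample"
}
demo
```

Run it against /etc/crowdsec/bouncers/crowdsec-apache2-bouncer.conf with `audit_bouncer_conf <path>`; no output means none of the three findings apply.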
Next steps
Overriding HTTP Response
If you want to return a custom HTTP code and/or content, you can use CrowdsecLocation and RewriteRules:
CrowdsecLocation /one/
<Location /one/>
Crowdsec off
RewriteEngine On
RewriteRule .* - [R=403,L]
# Require all denied
ErrorDocument 403 "hell nooo"
</Location>