1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
In this example, a flask app would be configured to use pycrowdsec. Remediations are as following.
- ban: These IP's would be redirected to a 403 page.
- captcha: These IP's would be required to solve a google recaptcha.
**Requirements:**
- CrowdSec installed and listening on http://localhost:8080 . Find installation instructions [here](https://docs.crowdsec.net/Crowdsec/v1/getting_started/installation/)
- Google reCaptcha API tokens. Find instructions [here](http://www.google.com/recaptcha/admin)
## Steps
- Set the following environment variables
```bash
export CROWDSEC_LAPI_KEY=<LAPI_KEY>
export GOOGLE_RECAPTCHA_PRIVATE_KEY=<PRIVATE_KEY>
export GOOGLE_RECAPTCHA_SITE_KEY=<SITE_KEY>
```
**CROWDSEC_LAPI_KEY**: This can be generated by running the follwing command :
```bash
❯ sudo cscli bouncers add flask_eg
Api key for 'flask_eg':
ab9512a45e258b36d38ba8e274c5f1e4
```
**GOOGLE_RECAPTCHA_PRIVATE_KEY** and **GOOGLE_RECAPTCHA_SITE_KEY**: Google would give these keys after setup completion
- Install dependencies, make sure you are in a virtual environment.
```bash
pip install -r requirements.txt
```
- Finally start flask web app via :
```bash
python main.py
```
The web app would be served at http://localhost:5000 . It would display a simple "Hello" message.
- Now add some decisions:
```bash
sudo cscli decisions add --value 127.0.0.1 --type captcha
```
Now if you navigate to the web app, you would be required to solve the captcha.
You can also add a decision to ban some IP.
```bash
sudo cscli decisions add --value <BAD_IP> --type ban
```
You can also remove remediations for some IP by running:
```bash
sudo cscli decisions delete --ip <IP_TO_UNBAN>
```
By default each "decision" would be deleted after 4 hours.
|
