#Bouncer isn't Bouncing

1 messages · Page 1 of 1 (latest)

safe juniper
tardy prismBOT
#
Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

© Created By WhyAydan for CrowdSec ❤️ ·
safe juniper
#

Here is my crowdsec.conf file```ENABLED=true
API_URL=http://127.0.0.1:8080
API_KEY=REDACTED
CACHE_EXPIRATION=1

bounce for all type of remediation that the bouncer can receive from the local API

BOUNCING_ON_TYPE=all
FALLBACK_REMEDIATION=ban
REQUEST_TIMEOUT=2500
UPDATE_FREQUENCY=10

By default internal requests are ignored, such as any path affected by rewrite rule.

set ENABLE_INTERNAL=true to allow checking on these internal requests.

ENABLE_INTERNAL=false

live or stream

MODE=live

exclude the bouncing on those location

EXCLUDE_LOCATION=
#those apply for "ban" action

/!\ REDIRECT_LOCATION and RET_CODE can't be used together. REDIRECT_LOCATION take priority over RET_CODE

BAN_TEMPLATE_PATH=/data/crowdsec/ban.html
REDIRECT_LOCATION=
RET_CODE=
#those apply for "captcha" action
#valid providers are recaptcha, hcaptcha, turnstile
CAPTCHA_PROVIDER=

Captcha Secret Key

SECRET_KEY=

Captcha Site key

SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/data/crowdsec/captcha.html
CAPTCHA_EXPIRATION=3600

APPSEC_URL=http://127.0.0.1:7422
APPSEC_FAILURE_ACTION=deny
APPSEC_CONNECT_TIMEOUT=1000
APPSEC_SEND_TIMEOUT=30000
APPSEC_PROCESS_TIMEOUT=10000
ALWAYS_SEND_TO_APPSEC=false
SSL_VERIFY=true

silk cliff
#

since you have set

# live or stream
MODE=live

you should be able to see which IP it is checking via the logs of crowdsec

safe juniper
#

I'm able to see which IP is blocked but when I look at the logs it looks like everything is working fine. I'm even able to see my IP in cscli decision list

#

2025/11/11 01:19:48 [error] 538#538: *48 [lua] live.lua:39: live_query(): failed to query LAPI http://127.0.0.1:8080/v1/decisions?ip=REDACTED IP: connection refused, client: REDACTED IP, server: REDACTED SITE, request: REDACTED SITE, host: REDACTED SITE

#

The only thing that looks odd is the "failed to query LAPI" but when I run cscli lapi status I'm able to connects uccessfully. ```Loaded credentials from /etc/crowdsec/local_api_credentials.yaml
Trying to authenticate with username localhost on http://0.0.0.0:8080/
You can successfully interact with Local API (LAPI)

silk cliff
# safe juniper ```2025/11/11 01:19:48 [error] 538#538: *48 [lua] live.lua:39: live_query(): fai...

Yeah so the problem is npmplus cant access the URL 127.0.0.1:8080 are you in host networking (npmplus default) and CrowdSec 8080 port is forwarded to the loopback?

ref:
https://github.com/ZoeyVid/NPMplus/blob/f4477ac432b57f36fbaa694a809d17b2e0d97c9f/compose.yaml#L6
https://github.com/ZoeyVid/NPMplus/blob/f4477ac432b57f36fbaa694a809d17b2e0d97c9f/compose.yaml#L99-L100

cause either these have been altered and havent been updated in the conf file OR your firewall is blocking loopback traffic which would break alot more things.

safe juniper