Comment on Basic Security for your Website | Loudwhisper

<- View Parent
loudwhisper@infosec.pub ⁨3⁩ ⁨months⁩ ago

Hey, the short answer is yes, you can.

I would elaborate a little more:

In practice I personally would choose a simple setup where the interesting logs are just forwarded (in Syslog format for example) to a single crowdsec instance. If you have ingress from a single node, I’d go for running it on the host and banning via firewall, if you have multiple ingress nodes, then I would run it inside the cluster and ban via a loadBalancer/cloud firewall/whatever you have in front.

In essence, I would spend some time to think about your preferences, and it might take a little bit to make the setup clean, but I think you have plenty of flexibility to do what you prefer. Let me know if you want to bounce some more ideas!

source
Sort:hotnewtop