Version: v1.7

CAPI

This option is deprecated. You should use centralized allowlists instead.

Whitelists from CAPI (Central API) community blocklist or third party blocklist

From version 1.5.0 a user can specify a list of IP's or IP ranges to be whitelisted from a community blocklist or third party blocklist. You will have to specify a path to the file within config.yaml as by default there is no file specified.

api:
  server:
    capi_whitelists_path: <path_to_capi_whitelists_file>

We recommend to use the following files for each OS:

Linux /etc/crowdsec/capi-whitelists.yaml
Freebsd /usr/local/etc/crowdsec/capi-whitelists.yaml
Windows c:/programdata/crowdsec/config/capi-whitelists.yaml

These files DO NOT exist and you MUST create them manually and configure the above settings

The following snippet should be used as a guide

ips:
 - 1.2.3.4
 - 2.3.4.5
cidrs:
 - 1.2.3.0/24

Reload CrowdSec
sudo systemctl reload crowdsec

The whitelist only applies when crowdsec pulls the blocklist from CAPI. This means that any IPs already in your local database will not get whitelisted.

You can either manually delete the decisions for the IPs you want to whitelist with cscli decisions delete, or delete all alerts and active decisions from the database with cscli alerts delete --all and restart crowdsec.

Whitelists from CAPI (Central API) community blocklist or third party blocklist​

Whitelists from CAPI (Central API) community blocklist or third party blocklist