I don't know where to post this so il put it here (feel free to ask me to move it.) I have my Plesk server set up as default as Nginx (Reverse Proxy Server) > Apache and I'm using Cloudflare in front. I have configure the server to emit real IPs rather than cloudflare IPs in logs by fallowing the instructions here (Solution for a single domain (I applied it to all my domains.)): https://support.plesk.com/hc/en-us/articles/360025828373-Incorrect-IP-addresses-logged-by-Plesk-behind-load-balancer-or-reverse-forward-proxy In my logs I do see the real IP if the visitor/user and not cloudflare IPs. The problem I'm having is crowdsec seems to still be seeing and blocking cloudflare IPs and not the real bad visitor/users IPs. I don't know if its the way Plesk is doing it's log or something that crowdsec cant analyze it correctly. How can I fix this?
Last active 7 months ago