WAF Auto-ban Features:
- Three sensitivity levels: aggressive, moderate, permissive
- Aggressive: Immediate ban on first critical threat
- Moderate: Ban after 3 attempts in 5 minutes (default)
- Permissive: Ban after 5 attempts in 1 hour
- Attempt tracking with configurable thresholds

Critical threats (immediate in aggressive/moderate):
- CVE exploits, SQL injection, Command injection
- XXE, Log4Shell, SSTI attacks

CrowdSec Integration:
- Auto-ban requests written to /srv/mitmproxy/autoban-requests.log
- Cron job processes bans every minute via mitmproxyctl
- Bans sent to CrowdSec for network-wide enforcement

New Commands:
- mitmproxyctl process-autoban: Process pending bans
- mitmproxyctl reload-autoban: Reload config after UCI changes

CrowdSec Dashboard:
- Added ban button to alerts page
- Modal confirmation with 24h ban duration
- Real-time banned IP tracking

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
5 lines
253 B
Plaintext
# mitmproxy WAF auto-ban processor
# Runs every minute to process auto-ban requests from threat detection
# Bans are sent to CrowdSec for enforcement
* * * * * root [ -x /usr/sbin/mitmproxyctl ] && /usr/sbin/mitmproxyctl process-autoban >/dev/null 2>&1
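The sliding-window attempt tracking behind the three sensitivity levels in the commit message above, as an added example in Python (the language mitmproxy addons are written in); this is not the project's code. The thresholds are the ones the commit states (moderate: 3 in 5 minutes, permissive: 5 in 1 hour, critical threats immediate in aggressive/moderate); the class and function names, the category labels and the sample events are constructed, and it is an assumption that aggressive bans on the first attempt of any kind.

```python
from collections import defaultdict, deque

# Threshold profiles as stated in the commit message: (attempts, window seconds).
# Assumption (not on the page): aggressive bans on the first attempt of any kind.
PROFILES = {"aggressive": (1, 300), "moderate": (3, 300), "permissive": (5, 3600)}

# Critical categories named in the commit message; the labels themselves are constructed.
CRITICAL = {"cve_exploit", "sqli", "cmdi", "xxe", "log4shell", "ssti"}


class AutoBanTracker:
    def __init__(self, sensitivity="moderate"):
        if sensitivity not in PROFILES:
            raise ValueError(f"unknown sensitivity: {sensitivity}")
        self.sensitivity = sensitivity
        self.threshold, self.window = PROFILES[sensitivity]
        self._attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.banned = set()

    def record(self, ip, category, ts):
        """Register one detected attempt at time ts; return True if ip is now banned."""
        if ip in self.banned:
            return True
        # Critical threats ban immediately in aggressive and moderate modes.
        if category in CRITICAL and self.sensitivity != "permissive":
            self.banned.add(ip)
            return True
        recent = self._attempts[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:  # evict aged-out attempts
            recent.popleft()
        if len(recent) >= self.threshold:
            self.banned.add(ip)
            return True
        return False


def decide_all(events, sensitivity="moderate"):
    """Feed constructed (ts, ip, category) events to one tracker; return (ip, banned) pairs."""
    tracker = AutoBanTracker(sensitivity)
    return [(ip, tracker.record(ip, cat, ts)) for ts, ip, cat in events]


# Constructed sample events: a burst, a slow scanner, and one SQL injection probe.
SAMPLE_EVENTS = [
    (0, "203.0.113.5", "path_traversal"),
    (60, "203.0.113.5", "path_traversal"),
    (120, "203.0.113.5", "path_traversal"),   # 3rd within 5 min -> banned (moderate)
    (0, "198.51.100.7", "path_traversal"),
    (100, "198.51.100.7", "path_traversal"),
    (400, "198.51.100.7", "path_traversal"),  # first attempt aged out -> still tracked
    (10, "192.0.2.9", "sqli"),                # critical -> immediate ban (moderate)
]
```

A ban decision of True is the point at which the real addon would append a request line to /srv/mitmproxy/autoban-requests.log for the cron job above to forward to CrowdSec.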