Add CrowdSec IP reputation documentation

Viktor Liu
2026-04-14 12:55:15 +02:00
parent 1e8ff9525e
commit 2854e68181
7 changed files with 229 additions and 9 deletions

@@ -39,7 +39,7 @@ A service is the core configuration unit of the Reverse Proxy. Each service maps
- **Domain** - the public URL where the service is reachable
- **Targets** - one or more backend destinations that handle incoming requests
- **Authentication** - optional SSO, password, PIN, or header-based protection
- **Access restrictions** - optional IP CIDR and country-based access control
- **Access restrictions** - optional IP CIDR, country, and CrowdSec IP reputation access control
- **Settings** - advanced options (varies by service mode)
- **Enabled/Disabled toggle** - turn the service on or off without deleting it
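Review bot: The new "Access restrictions" bullet lists CrowdSec IP reputation next to IP CIDR and country as if all three were always offered, while the Step 3b text in this same commit qualifies it with "(when available on the proxy cluster)". Consider carrying that qualifier into this overview bullet, or linking to the section that explains cluster availability, so readers do not expect the option on every cluster.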
@@ -57,7 +57,7 @@ The service mode determines how the proxy handles traffic between clients and yo
L4 services (TCP, UDP, TLS) listen on a dedicated port on the proxy cluster. Depending on the cluster, the port may be auto-assigned or you can specify one manually. The proxy cluster's `supports_custom_ports` capability determines whether manual port selection is available.
<Note>
L4 services do not support browser-based authentication (SSO, password, PIN) or header authentication because there is no HTTP layer. You can use [access restrictions](/manage/reverse-proxy/authentication#access-restrictions) (IP CIDR and country rules) to protect L4 services.
L4 services do not support browser-based authentication (SSO, password, PIN) or header authentication because there is no HTTP layer. You can use [access restrictions](/manage/reverse-proxy/authentication#access-restrictions) (IP CIDR, country, and CrowdSec rules) to protect L4 services.
</Note>
### Targets
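Review bot: "CrowdSec rules" in the updated L4 note does not match the name used in the other hunks of this commit ("CrowdSec IP reputation"), and Step 3b describes it as a setting with enforce and observe values rather than a list of rules. Suggest "(IP CIDR, country, and CrowdSec IP reputation)" here so the term is the same everywhere a reader might search for it.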
@@ -126,7 +126,7 @@ You can protect a service with one or more authentication methods. When multiple
| **Password** | Yes | No | Protect with a shared password. |
| **PIN Code** | Yes | No | Protect with a numeric PIN code. |
| **Header Authentication** | Yes | No | Validate a static header value (API key, Bearer token, Basic auth). Useful for programmatic access. |
| **Access Restrictions** | Yes | Yes | Restrict access by IP CIDR range or country. Works at the connection level, so it applies to all service modes. |
| **Access Restrictions** | Yes | Yes | Restrict access by IP CIDR range, country, or CrowdSec IP reputation. Works at the connection level, so it applies to all service modes. |
<Note>
If you save a service with no authentication or access restrictions configured, the dashboard will display a warning. Public services are accessible to anyone on the internet who knows the URL.
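Review bot: The updated table row says access restrictions "Restrict access by ... CrowdSec IP reputation", but Step 3b also documents an observe setting that is described as monitoring rather than blocking, and the unchanged warning note under the table does not say how that case is treated. Please state whether a service whose only access control is CrowdSec in observe mode still triggers the "no authentication or access restrictions configured" warning, so that readers do not take observe mode for protection.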
@@ -268,12 +268,13 @@ Switch to the **Authentication** tab to configure how users are authenticated be
### Step 3b: Configure access control
Switch to the **Access Control** tab to restrict access by IP address or country. This tab is available for all service modes (HTTP and L4).
Switch to the **Access Control** tab to restrict access by IP address, country, or IP reputation. This tab is available for all service modes (HTTP and L4).
- Add **allowed CIDRs** or **blocked CIDRs** to restrict by IP range.
- Add **allowed countries** or **blocked countries** to restrict by geographic location.
- Set **CrowdSec IP Reputation** to **enforce** or **observe** to block or monitor known malicious IPs (when available on the proxy cluster).
Access restrictions are evaluated before authentication: if a connection is blocked by an IP or country rule, it is rejected before any authentication check.
Access restrictions are evaluated before authentication: if a connection is blocked by an access restriction rule, it is rejected before any authentication check.
### Step 4: Configure advanced settings
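Review bot: The new CrowdSec bullet pairs "enforce or observe" with "block or monitor" without stating which mode does which, and the reworded evaluation-order sentence does not say how the three restriction types combine. Suggest defining each mode explicitly (what enforce does to a matching connection, what observe records and where it can be reviewed) and documenting precedence, for example whether an allowed CIDR overrides a CrowdSec match. Since the bullet says "when available on the proxy cluster", it would also help to say what the tab shows on a cluster where it is not available.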