What's New
Sidecar Proxy (Optional but Recommended)
A Go proxy that sits between your firewall bouncer and CrowdSec LAPI. When LAPI has 120K+ decisions but your device can only hold 15K-30K, the sidecar scores each decision across 7 factors and returns only the highest-priority threats.
7-Factor Scoring:
- Scenario score with 2x multiplier (pattern-matched)
- Origin: local detections (25) > manual bans (20) > CAPI (10)
- TTL bonus (longer bans = more serious threats)
- Decision type (ban > captcha)
- Freshness bonus (recent threats prioritized over stale entries)
- CIDR bonus (broader ranges block more addresses)
- Recidivism (+15 per extra decision for same IP)
Production tested: 2 instances, 20,000+ requests, 0 failures.
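The ranking described above, as an added example (this is not the sidecar's own code). The origin weights, the 2x scenario multiplier and the +15 recidivism bonus come from the list; the `Decision` type, the origin strings, the `ssh-bf` pattern with its base score of 20, and the TTL, type, freshness and CIDR weights are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Decision is a simplified stand-in for a LAPI decision, not the sidecar's own type.
type Decision struct {
	Value, Scenario, Origin, Type string
	TTL, Age                      time.Duration
	Extra                         int // other active decisions for the same IP
}

var originScore = map[string]int{"crowdsec": 25, "cscli": 20, "CAPI": 10} // origin strings assumed
var on = map[bool]int{true: 1}                                            // on[cond] is 1 when cond holds, else 0

// Score sums the seven factors; weights marked "assumed" are illustrative only.
func Score(d Decision) int {
	return originScore[d.Origin] + 15*d.Extra + // origin; recidivism (+15 each)
		2*20*on[strings.Contains(d.Scenario, "ssh-bf")] + // assumed pattern, base 20, 2x multiplier
		10*on[d.TTL > 24*time.Hour] + // assumed TTL bonus
		10*on[d.Type == "ban"] + // assumed: ban outranks captcha
		10*on[d.Age < time.Hour] + // assumed freshness bonus
		5*on[strings.Contains(d.Value, "/")] // assumed CIDR bonus
}

// TopN returns the n highest-scoring decisions without reordering the input slice.
func TopN(ds []Decision, n int) []Decision {
	out := append([]Decision(nil), ds...)
	sort.SliceStable(out, func(i, j int) bool { return Score(out[i]) > Score(out[j]) })
	if len(out) > n {
		out = out[:n]
	}
	return out
}

func main() {
	ds := []Decision{ // constructed sample using documentation address ranges
		{"203.0.113.7", "http:scan", "CAPI", "ban", 24 * time.Hour, 48 * time.Hour, 0},
		{"192.0.2.10", "crowdsecurity/ssh-bf", "crowdsec", "ban", 4 * time.Hour, 30 * time.Minute, 2},
		{"198.51.100.0/24", "manual", "cscli", "ban", 72 * time.Hour, 30 * time.Hour, 0},
	}
	for _, d := range TopN(ds, 2) {
		fmt.Println(Score(d), d.Value)
	}
}
```

With a cap of 2, the stale CAPI entry is the one dropped, while the repeat local offender and the manually banned range are kept.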
Sidecar-Aware Scripts
- detect-sidecar.sh — new script detects whether bouncer uses sidecar or direct LAPI
- detect-device.sh — now exports recommended sidecar max_decisions for each device
- setup.sh — logs sidecar status on boot, warns about capacity overflow
- ensure-rules.sh — context-aware capacity recommendations
- ipset-capacity-monitor.sh --status — shows sidecar config and device-specific tuning advice
Updated Documentation
- Complete README rewrite with sidecar section, scoring table, "Do I Need This?" decision guide
- Standalone sidecar docs at sidecar/README.md
- Updated ROADMAP (v2.1 = sidecar, v2.2 = IPv6 + alerting)
CI
- GitHub Actions now includes Go test/build job for the sidecar
Quick Setup
- Deploy the sidecar on your CrowdSec host:

```
cd sidecar/
cp config.yaml.example config.yaml
# Edit: set upstream_lapi_url, upstream_lapi_key, max_decisions
docker compose up -d
```

- Point your bouncer at the sidecar:

```
api_url: http://YOUR_SIDECAR_HOST:8084/
```

- Restart bouncer:

```
systemctl restart crowdsec-firewall-bouncer
```

Do I Need the Sidecar?
| Situation | Sidecar? |
|---|---|
| LAPI has <15K decisions | No |
| LAPI has >30K decisions | Yes |
| You subscribe to community blocklists | Yes |
| Multiple bouncers on different devices | Yes |
Full Changelog: v2.0.0...v2.1.0