CrowdSec Configuration
Settings for the CrowdSec LAPI connection and decision filtering.
Connection
Section titled “Connection”crowdsec.api_url Required
Section titled “crowdsec.api_url ”Env: CROWDSEC_URL · Default: http://localhost:8080/
The URL of the CrowdSec Local API (LAPI). Include the trailing slash.
crowdsec: api_url: "http://localhost:8080/"crowdsec.api_key Required
Section titled “crowdsec.api_key ”Env: CROWDSEC_BOUNCER_API_KEY · Default: —
The bouncer API key. Generate one with:
sudo cscli bouncers add cs-routeros-bouncercrowdsec.retry_initial_connect Optional
Section titled “crowdsec.retry_initial_connect ”Env: CROWDSEC_RETRY_INITIAL_CONNECT · Default: true
When enabled, the bouncer retries connecting to LAPI on startup if the initial connection fails. Useful when the bouncer starts before CrowdSec is ready.
Polling
Section titled “Polling”crowdsec.update_frequency Optional
Section titled “crowdsec.update_frequency ”Env: CROWDSEC_UPDATE_FREQUENCY · Default: 10s
How often to poll LAPI for new or expired decisions. Uses Go duration format (e.g., 10s, 1m, 30s).
crowdsec.lapi_metrics_interval Optional
Section titled “crowdsec.lapi_metrics_interval ”Env: CROWDSEC_LAPI_METRICS_INTERVAL · Default: 15m
How often to report usage metrics to the CrowdSec LAPI /v1/usage-metrics endpoint. Set to 0 to disable.
Each push includes:
- Active decisions — per-origin (e.g.,
crowdsec,cscli,CAPI) and per-IP-type (ipv4,ipv6) - Dropped traffic — bytes and packets blocked by MikroTik firewall rules (delta since last push)
- Bouncer metadata — type, version, OS info, uptime
This data appears in the CrowdSec Console and helps track bouncer effectiveness.
crowdsec: lapi_metrics_interval: "15m"Decision Filtering
Section titled “Decision Filtering”crowdsec.origins Optional
Section titled “crowdsec.origins ”Env: CROWDSEC_ORIGINS · Default: [] (all origins)
Filter decisions by their origin. Empty means all decisions are processed.
| Origin | Description |
|---|---|
crowdsec | Decisions from CrowdSec detection engine |
cscli | Manual decisions via cscli decisions add |
CAPI | Community blocklists from CrowdSec Central API |
# Only local decisions (no community blocklists)crowdsec: origins: ["crowdsec", "cscli"]crowdsec.scopes Optional
Section titled “crowdsec.scopes ”Env: CROWDSEC_SCOPES · Default: ["ip", "range"]
Decision scopes to process. Supported values: ip, range.
crowdsec.supported_decisions_types Optional
Section titled “crowdsec.supported_decisions_types ”Env: CROWDSEC_DECISIONS_TYPES · Default: ["ban"]
Only decisions of these types are processed.
crowdsec.scenarios_containing Optional
Section titled “crowdsec.scenarios_containing ”Env: CROWDSEC_SCENARIOS_CONTAINING · Default: [] (no filter)
Only process decisions from scenarios whose name contains one of these strings. Empty means no filtering.
crowdsec: scenarios_containing: ["ssh", "http"]crowdsec.scenarios_not_containing Optional
Section titled “crowdsec.scenarios_not_containing ”Env: CROWDSEC_SCENARIOS_NOT_CONTAINING · Default: [] (no filter)
Exclude decisions from scenarios whose name contains one of these strings.
TLS Authentication
Section titled “TLS Authentication”For mutual TLS authentication with the LAPI:
crowdsec.cert_path Optional
Section titled “crowdsec.cert_path ”Env: CROWDSEC_CERT_PATH · Default: —
Path to the TLS client certificate (PEM format).
crowdsec.key_path Optional
Section titled “crowdsec.key_path ”Env: CROWDSEC_KEY_PATH · Default: —
Path to the TLS client key (PEM format).
crowdsec.ca_cert_path Optional
Section titled “crowdsec.ca_cert_path ”Env: CROWDSEC_CA_CERT_PATH · Default: —
Path to the CA certificate (PEM format) for verifying the LAPI server certificate.
crowdsec.insecure_skip_verify Optional
Section titled “crowdsec.insecure_skip_verify ”Env: CROWDSEC_INSECURE_SKIP_VERIFY · Default: false
Skip TLS certificate verification for LAPI connections.