kaffa/crowdsec-bunny-bouncer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8 Commits 1 Branch 0 Tags
1dcf2f448e7f0f4e71dd6decdccc4d9cb632d489
Commit Graph

8 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
kappa
1dcf2f448e Initial commit: CrowdSec BunnyCDN bouncer 
- sync/bouncer.py: CrowdSec LAPI → bloom filter → BunnyCDN Edge Script
- edge/middleware.ts: BunnyCDN edge middleware with bloom filter + Turnstile CAPTCHA
- README.md: architecture and deployment docs
 2026-03-15 13:16:11 +09:00
kappa
06af81c198 Add README with architecture, setup, and monitoring docs 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 14:35:10 +09:00
kappa
cd4b7b6c99 Add CDN monitoring script for Edge Script usage, traffic stats, and WAF logs 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 14:33:38 +09:00
kappa
376251986e Add Playwright MCP and screenshot files to .gitignore 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 14:05:34 +09:00
kappa
8a015b8bd2 Improve Edge Script cache: 5min TTL for clean IPs, 1min for blocked 
Reduces DB queries ~80% by caching clean IPs longer. Blocked IPs keep
short TTL for quick unblock propagation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 10:35:24 +09:00
kappa
3f8bf5e4e2 Fix Edge Script env var names to match Bunny dashboard defaults 
BUNNY_DATABASE_URL and BUNNY_DATABASE_AUTH_TOKEN instead of DB_URL/DB_TOKEN.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 09:52:44 +09:00
kappa
da199bce8c Switch to Edge Script + Bunny Database architecture for unlimited IP blocking 
Replace Shield Access List (5,000 IP limit) with Bunny Database (libSQL) +
Edge Script middleware to support CAPI community blocklists (tens of thousands
of IPs). Bouncer now uses CrowdSec streaming API for incremental sync with
periodic full resync every 6 hours.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 09:25:43 +09:00
kappa
d1b870227e Add CrowdSec bouncer for Bunny CDN Shield 
Syncs locally-detected CrowdSec ban decisions to Bunny CDN Shield
Access Lists. Excludes community blocklists (CAPI/lists) since Bunny
Shield has its own managed threat feeds.

- Polls CrowdSec LAPI for origin=crowdsec/cscli bans
- Updates Bunny Shield custom Access List via PATCH API
- Change detection via set comparison to skip unnecessary API calls
- Exponential backoff retry on API failures
- Graceful SIGTERM/SIGINT shutdown
- Docker healthcheck support

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-12 19:08:56 +09:00