Overview
Back to topCrowdSec is an open-source and collaborative EDR (Endpoint Detection and response).CrowdSec is a security engine leveraging a behavior system to qualify whether someone is trying to hack you, based on your logs. If your CrowdSec agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes curation, the IP is then redistributed to all users sharing a similar technological profile to "immunize" them against this IP.
The global concept is to leverage the crowd power to create some form of Internet Neighborhood watch. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate, using a Bouncer.
Account and Pricing
To use this extension, you must install a CrowdSec agent on a server that is accessible via your Magento 2 site. For more information about the installation, see the documentation or contact CrowdSec.
There is no need to create an account, and the agent is free of charge.
The CrowdSec Bouncer
The CrowdSec Bouncer extension for Magento 2 has been designed to protect your website from all kinds of attacks by using CrowdSec technology. When a user is suspected to be malevolent, it will either send him/her a captcha to resolve or simply a page notifying that access is denied.
Depending on what you configure, this protection is enabled in the front-end, API or admin area. For the front-end, you can activate it on the stores you choose.
CrowdSec blends into your design
Suppose that an IP has been detected as malicious by CrowdSec, you will be able to block access to the suspected user with a ban wall page or present a captcha wall page.
It is possible to customize all the colors of these pages in a few clicks so that they integrate best with your design. On the other hand, all texts are also fully customizable. This will allow you, for example, to present translated pages in your store view language.
The Flex mode: a bulwark against false positives
Thanks to the "Flex mode", it is impossible to accidentally block access to your site to people who don't deserve it. This mode makes it possible to never ban an IP but only to offer a Captcha, in the worst-case scenario.
The right balance between performance and security
By default, the "live mode" is enabled. The first time a stranger connects to your website, this mode means that the IP will be checked directly by the CrowdSec API. The rest of your user's browsing will be even more transparent thanks to the fully customizable cache system.
But you can also activate the "stream mode". This mode allows you to constantly feed the bouncer with the malicious IP list via a background task (CRON), making it to be even faster when checking the IP of your visitors. Besides, if your site has a lot of unique visitors at the same time, this will not influence the traffic to the API of your CrowdSec instance.
Features
- Improved security
- Easy to configure with specific setting per website or store
- Live or asynchrone stream mode
- Support File system, Redis and Memcached cache
- Support IPv4 and IPv6 with single IP or IP ranges
- Support CrowdSec country scoped decisions
- CDN ready
- Enable/Disable log file
- Source code is not encrypted
Technical Specifications
Back to topSeller profile
Seller contact
Integrator
Current Version
2.1.1
Adobe Commerce platform compatibility
Magento Open Source: 2.4 (current), 2.3 (obsolete)
Type
Stable Build
Updated
12 April, 2024
Categories
Extensions, Payments & Security
Supported Browsers
Chrome, Firefox, Opera, Safari, Edge, IE
Quality Report
Back to topAll tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.
Release Notes
Back to top2.1.1:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
- No change: released to confirm compatibility with Magento 2.4.7 and PHP 8.3
2.1.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
- Encrypt bouncer key in database
- Add api_timeout and api_connection_timeout settings
- Fix composer conflicts for recent 2.4.6 versions
- Removed events log feature
2.0.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
- Refactor source code
- Add compatibility with 2.4.6
1.5.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Added
- Add TLS authentication feature
1.4.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Added
- Add compatibility with Magento 2.4.5
- Add configuration to use cURL instead of file_get_contents to call LAPI
- Add configuration forced_test_forwarded_ip for testing purpose
1.3.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Added
- Add configuration to set captcha flow cache lifetime
- Add configuration to set geolocation result cache lifetime
Changed
- Use cache instead of session to store some values
Fixed
- Fix wrong deleted decisions count during cache refresh
1.2.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Added
- Add geolocation feature
- Add compatibility with Magento 2.4.4 and PHP 8.1
1.1.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Added
- Add events log feature
Fixed
- Fix primary and secondary text configuration path
1.0.0:
- Compatible with Magento Open Source : 2.3 2.4
- Stability: Stable Build
-
Description:
Initial Release.
Support
Back to topThe best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.
Contact Vendor