Powered by Adobe Commerce 2.4.5

This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.

CrowdSec Bouncer

This is an Integration with a Third Party Service. Other charges and fees may be required to use this extension on your Store


Back to top

CrowdSec is an open-source and collaborative EDR (Endpoint Detection and response).CrowdSec is a security engine leveraging a behavior system to qualify whether someone is trying to hack you, based on your logs. If your CrowdSec agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes curation, the IP is then redistributed to all users sharing a similar technological profile to "immunize" them against this IP. 

The global concept is to leverage the crowd power to create some form of Internet Neighborhood watch. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate, using a Bouncer.

Account and Pricing

To use this extension, you must install a CrowdSec agent on a server that is accessible via your Magento 2 site. For more information about the installation, see the documentation or contact CrowdSec.

There is no need to create an account, and the agent is free of charge.

The CrowdSec Bouncer

The CrowdSec Bouncer extension for Magento 2 has been designed to protect your website from all kinds of attacks by using CrowdSec technology. When a user is suspected to be malevolent, it will either send him/her a captcha to resolve or simply a page notifying that access is denied.

Depending on what you configure, this protection is enabled in the front-end, API or admin area. For the front-end, you can activate it on the stores you choose.

CrowdSec blends into your design

Suppose that an IP has been detected as malicious by CrowdSec, you will be able to block access to the suspected user with a ban wall page or present a captcha wall page. 

It is possible to customize all the colors of these pages in a few clicks so that they integrate best with your design. On the other hand, all texts are also fully customizable. This will allow you, for example, to present translated pages in your store view language.

The Flex mode: a bulwark against false positives

Thanks to the "Flex mode", it is impossible to accidentally block access to your site to people who don't deserve it. This mode makes it possible to never ban an IP but only to offer a Captcha, in the worst-case scenario.

The right balance between performance and security

By default, the "live mode" is enabled. The first time a stranger connects to your website, this mode means that the IP will be checked directly by the CrowdSec API. The rest of your user's browsing will be even more transparent thanks to the fully customizable cache system.

But you can also activate the "stream mode". This mode allows you to constantly feed the bouncer with the malicious IP list via a background task (CRON), making it to be even faster when checking the IP of your visitors. Besides, if your site has a lot of unique visitors at the same time, this will not influence the traffic to the API of your CrowdSec instance.


  • Improved security
  • Easy to configure with specific setting per website or store
  • Live or asynchrone stream mode
  • Support File system, Redis and Memcached cache 
  • Support IPv4 and IPv6 with single IP or IP ranges
  • Support CrowdSec country scoped decisions
  • CDN ready
  • Enable/Disable log file
  • Source code is not encrypted

Technical Specifications

Back to top

Seller profile


Seller contact




Current Version


Adobe Commerce platform compatibility

Open Source (CE): 2.3 (current), 2.4 (current)


Stable Build


11 August, 2022


Extensions, Payments & Security

Supported Browsers

Chrome, Firefox, Opera, Safari, Edge, IE


Installation Guides

User Guides

License Type

MIT License (MIT)


Privacy Policy

Quality Report

Back to top

Installation & Varnish Tests


Coding Standard


Plagiarism Check


Malware Check


Marketing Review


Manual Testing


All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Add compatibility with Magento 2.4.5
    - Add configuration to use cURL instead of file_get_contents to call LAPI
    - Add configuration forced_test_forwarded_ip for testing purpose


  • Compatible with Open Source (CE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Add configuration to set captcha flow cache lifetime
    - Add configuration to set geolocation result cache lifetime
    - Use cache instead of session to store some values
    - Fix wrong deleted decisions count during cache refresh


  • Compatible with Open Source (CE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Add geolocation feature
    - Add compatibility with Magento 2.4.4 and PHP 8.1


  • Compatible with Open Source (CE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Add events log feature
    - Fix primary and secondary text configuration path


  • Compatible with Open Source (CE) : 2.3 2.4
  • Stability: Stable Build
  • Description:

    Initial Release.


Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top


Back to top