feat: harden forwarded headers and automate Cloudflare IP sync

2025-10-21 11:23:55 +08:00
parent 4e945a1426
commit a3cb4bad5b
3 changed files with 159 additions and 8 deletions
--- a/dynamic.yml
+++ b/dynamic.yml
@@ -9,7 +9,7 @@ http:
        cloudflare:
          trustedCIDRs: []
          overwriteRequestHeader: true
-          debug: true
+          debug: false
    crowdsec:
      plugin:
        bouncer:
@@ -34,7 +34,7 @@ http:
    block-direct-access:
      rule: "HostRegexp(`{host:.+}`)"  # Matches any host
      service: noop@internal
-      priority: 1  # Low priority to catch unmatched requests
+      priority: -1  # Low priority to catch unmatched requests
      entryPoints:
        - web
        - websecure