Mad lad updates

crowdsecurity · Oct 11, 2023 · 2dec2ae · 2dec2ae
1 parent 4e33980
commit 2dec2ae
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/crowdsec-docs/docs/profiles/captcha_profile.md b/crowdsec-docs/docs/profiles/captcha_profile.md
@@ -6,6 +6,10 @@ sidebar_position: 2
 
 Here is an example of a profile that provides users with a captcha challenge when they trigger a HTTP scenario.
 
+:::info
+You **MUST** have configured a remediation component that supports captcha challenges, see [Remediation](/bouncers/intro.md).
+:::
+
 ```yaml
 name: captcha_remediation
 filters:
@@ -26,6 +30,8 @@ decisions:
 on_success: break
 ```
 
+The key piece of profile to point out is the `on_success` directive. It is set to `break` to ensure that the alert will not be evaluated by other profiles so the offender will only get a captcha decision.
+
 However, you may want to provide a limit to captcha challenges within a period of time to a given IP address because they may ignore your captcha challenges and still cause load on your server.
 
 You can use the `GetDecisionsCount` or `GetDecisionsSinceCount` helper to achieve this:

diff --git a/crowdsec-docs/docs/profiles/cti_profile.md b/crowdsec-docs/docs/profiles/cti_profile.md
@@ -1,7 +1,7 @@
 ---
 id: cti_profile
 title: CrowdSec CTI
-sidebar_position: 2
+sidebar_position: 1
 ---
 
 Here is an example of a profile that uses the CTI module to make decisions based on the background noise score of an IP address.
@@ -52,7 +52,8 @@ decisions:
  - type: ban
    duration: 12h
 duration_expr: "Sprintf('%dm', (240 + (144 * CrowdsecCTI(Alert.GetValue()).GetBackgroundNoiseScore()))"
-## 240 minutes (4 hours) + 144 minutes (2 hours) per point of background noise score
+## 240 minutes (4 hours) + 144 minutes per point of background noise score
+## 144 = 24 * 60 / 10
 on_success: break
 ---
 name: default_ip_remediation