# /etc/crowdsec/appsec-configs/nightscout-outofband.yaml
name: nightscout-outofband
description: "Out-of-band AppSec config with Socket.IO exclusions"

default_remediation: ban
default_pass_action: allow

# Load generic rules but with exclusions
rules:
  - crowdsecurity/appsec-generic-rules

# Out-of-band specific configuration
outofband_rules:
  - crowdsecurity/appsec-generic-rules

# Rule exclusions - prevent these rules from firing on socket.io paths
rule_exclusions:
  - rule_id: 920420
    zones: [URI]
    match:
      type: regex
      value: "^/socket\\.io/"
  - rule_id: 901340  
    zones: [URI]
    match:
      type: regex
      value: "^/socket\\.io/"
  - rule_id: 949110
    zones: [URI]
    match:
      type: regex
      value: "^/socket\\.io/"