Add http_referer to the http_base.yaml context

[mendozal]

In a mass hosting environment it would be interesting to know what customer/domain has been affected by the alert/decision.

Please add the http_referer information (evt.Parsed.http_referer) to the http_base.yaml in order to get a hint of the domain in the context data. The target_uri tag doesn't include the domain part.

[LaurenceJJones]

In a mass hosting environment it would be interesting to know what customer/domain has been affected by the alert/decision.

Please add the http_referer information (evt.Parsed.http_referer) to the http_base.yaml in order to get a hint of the domain in the context data. The target_uri tag doesn't include the domain part.

Hey 👋🏻

I had a similar idea #957 , however, some of the CrowdSec team are wary of adding this by default due to privacy concerns. So I purpose we create a http_extended.yaml context that will have the additional context fields and the user can opt in to send this will alert context by installing this.

[blotus]

You can also add this yourself to the context by creating a file /etc/crowdsec/contexts/custom_http_context.yaml and adding:

context:
 http_referer:
  - evt.Parsed.http_referer

[mendozal]

@LaurenceJJones I like that idea. Honestly, it's kind of confusing for me to have to remember all the custom stuff I have to set up with each install.

@blotus I did. I'm waiting for some events to happen to check if it works.