http:
  middlewares:
    crowdsec-bouncer:
      plugin:
        crowdsec-bouncer:
          enabled: true
          crowdsecMode: stream
          crowdsecLapiKey: '{{ env "CROWDSEC_BOUNCER_API_KEY" }}'
          crowdsecLapiHost: "crowdsec:8080"
          crowdsecLapiScheme: "http"
          crowdsecAppsecEnabled: true
          crowdsecAppsecHost: "crowdsec:7422"
          crowdsecAppsecFailureBlock: true
          crowdsecAppsecUnreachableBlock: true

    security-headers:
      headers:
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "strict-origin-when-cross-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=()"
        customFrameOptionsValue: "SAMEORIGIN"

    rate-limit:
      rateLimit:
        average: 100   # requests per second sustained
        burst: 50      # allowed spike above average
        period: 1s