# Crowdsec AS Number Whitelist

*May 16, 2025*
 — by Flaviu Vlaicu

> Crowdsec AS Numbers Whitelist in Postoverflows



Here is a simple way to create a whitelist for trusted AS Numbers using [@Crowd_Security](https://x.com/@Crowd_Security) PostOverflows

The main advantage of PostOveflow whitelists is they are only triggered once the bucket overflows meaning potentially expensive expressions are evaluated less often. You can also install the [crowdsecurity/rdns postoverflow](https://hub.crowdsec.net/author/crowdsecurity/configurations/rdns) that will be in charge of enriching overflows with reverse DNS information of the offending IP address. Here is the path example where you will need to create a new whitelist: root@gw:/usr/local/etc/crowdsec/postoverflows/s01-whitelist

```yaml
   name: crowdsecurity/as-whitelist
   description: Whitelist known AS Numbers
   debug: true
   whitelist:
     reason: Whitelisted AS Number
     expression:
       - evt.Overflow.Alert.Source.AsNumber in ['15169', '62044']
```
Create a new file with the above config and add just the number of the "AS Number" you would like to whitelist. Save the file with a .yaml extension and restart Crowdsec with: sudo service crowdsec restart  You should now also see this whitelist in the GUI if you are using OPNsense for example.

[![Image](https://pbs.twimg.com/media/Gpw2PJ9WUAA1iCR?format=jpg&name=medium)](https://x.com/flaviuvlaicu/article/1917467525970899252/media/1917467175352160256)


---
*Source: [https://vlaicu.io/posts/crowdsec-as-whitelist/](https://vlaicu.io/posts/crowdsec-as-whitelist/)*