Nextcloud false ban for webdav delete 404 #1519
Description
Describe the bug
False positive for 'http-probing' for webdav delete, should be whitelisted in 'nextcloud-whitelist'
To Reproduce
Use seedvault to back up android phone to Nextcloud server behind Crowdsec. Any other similar approach which generates fast webdav DELETE requests with 404 response would work.
Expected behavior
Functions without no ban
Screenshots
Additional context
Sample Traefik access log lines from the requests which did trip 'http-probing', but should not:
212.104.000.000 - - [14/Oct/2025:00:30:18 +0000] "DELETE /remote.php/webdav/.SeedVaultAndroidBackup/14f.....ace.sv/e3/e399.....3f75 HTTP/2.0" 404 339 "-" "okhttp/4.12.0" 2585 "nextcloud@docker" "http://172.17.5.2:80" 55ms 212.104.000.000 - - [14/Oct/2025:00:30:18 +0000] "DELETE /remote.php/webdav/.SeedVaultAndroidBackup/f689df.....77a14e/34/34b6....0f5e HTTP/2.0" 204 0 "-" "okhttp/4.12.0" 2581 "nextcloud@docker" "http://172.17.5.2:80" 355ms 212.104.000.000 - - [14/Oct/2025:00:30:18 +0000] "DELETE /remote.php/webdav/.SeedVaultAndroidBackup/14f.....ace.sv/b7/b702....fcc1 HTTP/2.0" 404 339 "-" "okhttp/4.12.0" 2586 "nextcloud@docker" "http://172.17.5.2:80" 72ms 212.104.000.000 - - [14/Oct/2025:00:30:18 +0000] "DELETE /remote.php/webdav/.SeedVaultAndroidBackup/14f.....ace.sv/08/0876....5289 HTTP/2.0" 404 339 "-" "okhttp/4.12.0" 2588 "nextcloud@docker" "http://172.17.5.2:80" 77ms 212.104.000.000 - - [14/Oct/2025:00:30:18 +0000] "DELETE /remote.php/webdav/.SeedVaultAndroidBackup/14f.....ace.sv/bb/bb23....785e HTTP/2.0" 204 0 "-" "okhttp/4.12.0" 2584 "nextcloud@docker" "http://172.17.5.2:80" 361ms