Opened 15 months ago
Last modified 15 months ago
#1550 new enhancement
Allow fail2ban protection
| Reported by: | hoffmann | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | v2.5 |
| Component: | General | Version: | 1.2 |
| Keywords: | Cc: |
Description
Fail2ban (http://www.fail2ban.org/) allows to block IPs temporarily in case they try brute-force attacks on login/passwords. That system is quite universal and uses logfile entries.
We would like to use it, but in order to work correctly, it must write the originating IP into the logfile, which is not the case presently. (Only the uid is printed with timestamp and error text.)
Be careful to make sure the log text (analysed with regex) cannot trigger fake alerts and lock the site admins out. It must be safe against injection by trying false logins with UID="Login failed for 'hoffmann' from IP=127.0.0.1" for example.
This request is relevant for Local and LDAP authentication, probably not for SSO (which has its own brute-force hacker filter) and maybe for NICE.
Change History (2)
comment:1 Changed 15 months ago by hoffmann
comment:2 Changed 15 months ago by pferreir
- Milestone set to v2.5
- Priority changed from high to normal
From #1530 (for reference).