Project

General

Profile

Actions
Copy link

Feature #21661

closed

Secure the BE login - Blacklist ips

Added by Nikolas Hagelstein over 14 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-11-24
Due date:
% Done:

0%

Estimated time:
PHP Version:
4.3
Tags:
Complexity:
Sprint Focus:

Description

Add an option to blacklist ips for a configurable timeperiod and a configurable amount of time.

(issue imported from #M12724)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #21658: Secure the BE login - Auto disable the be user after a certain amount of login failure.Closed2009-11-24

Actions
Related to TYPO3 Core - Feature #75987: Implement request throttling/ rate limiting functionality and APIClosed2016-04-29

Actions
Actions
Copy link
 #1

Updated by Mathias Schreiber over 9 years ago

  • Tracker changed from Bug to Feature
  • Description updated (diff)
  • Status changed from New to Closed
  • Target version deleted (0)

should be handled by the webserver.

Actions
Copy link
 #2

Updated by Nikolas Hagelstein over 9 years ago

If i remember correctly i was fileing this and an bunch of other security related tickets to make typo3 at least base BSI compliant. The orignal ticket was actually not only about locking out an ip (which can be handle by webserver or fw of course) but about locking out a certain ip (read as client - identified on whatever) upon a certain amount of login failures (see #21658) for a given amount of time.

Just to clearify things
Actions
Copy link
 #3

Updated by Helmut Hummel almost 8 years ago

Mathias Schreiber wrote:

should be handled by the webserver.

actually not neccessarily

Actions
Copy link

Also available in: Atom PDF