Project

General

Profile

Actions
Copy link

Feature #21661

closed

Secure the BE login - Blacklist ips

Added by Nikolas Hagelstein almost 15 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-11-24
Due date:
% Done:

0%

Estimated time:
PHP Version:
4.3
Tags:
Complexity:
Sprint Focus:

Description

Add an option to blacklist ips for a configurable timeperiod and a configurable amount of time.

(issue imported from #M12724)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #21658: Secure the BE login - Auto disable the be user after a certain amount of login failure.Closed2009-11-24

Actions
Related to TYPO3 Core - Feature #75987: Implement request throttling/ rate limiting functionality and APIClosed2016-04-29

Actions
Actions
Copy link
 #1

Updated by Mathias Schreiber almost 10 years ago

  • Tracker changed from Bug to Feature
  • Description updated (diff)
  • Status changed from New to Closed
  • Target version deleted (0)

should be handled by the webserver.

Actions
Copy link
 #2

Updated by Nikolas Hagelstein almost 10 years ago

If i remember correctly i was fileing this and an bunch of other security related tickets to make typo3 at least base BSI compliant. The orignal ticket was actually not only about locking out an ip (which can be handle by webserver or fw of course) but about locking out a certain ip (read as client - identified on whatever) upon a certain amount of login failures (see #21658) for a given amount of time.

Just to clearify things
Actions
Copy link
 #3

Updated by Helmut Hummel over 8 years ago

Mathias Schreiber wrote:

should be handled by the webserver.

actually not neccessarily

Actions
Copy link

Also available in: Atom PDF