Feature #21661
closed
Secure the BE login - Blacklist ips
Added by Nikolas Hagelstein over 14 years ago.
Updated almost 8 years ago.
Description
Add an option to blacklist ips for a configurable timeperiod and a configurable amount of time.
(issue imported from #M12724)
- Tracker changed from Bug to Feature
- Description updated (diff)
- Status changed from New to Closed
- Target version deleted (
0)
should be handled by the webserver.
If i remember correctly i was fileing this and an bunch of other security related tickets to make typo3 at least base BSI compliant. The orignal ticket was actually not only about locking out an ip (which can be handle by webserver or fw of course) but about locking out a certain ip (read as client - identified on whatever) upon a certain amount of login failures (see #21658) for a given amount of time.
Just to clearify things
Mathias Schreiber wrote:
should be handled by the webserver.
actually not neccessarily
Also available in: Atom
PDF