Login throttling
Näslund, Victor
victor.naslund at smhi.se
Thu Aug 4 12:22:11 EDT 2016
Hello,
I modified the source code to include a login throttling based on both IP
address and username.
Its a very small modification, i can send you the source code and show you
how to compile it if you are interested.
*Victor Näslund*
Linux and Identity management
*SMHI* / *Swedish Meteorological and Hydrological Institute*
ITi – IT Infrastructure
SE - 601 76 NORRKÖPING
www.smhi.se
E-post / Email: victor.naslund at smhi.se
Tel vx/ Phone: +46 (0)11 495 80 00
Direct Phone: +46 (0)11 495 82 46
Besöksadress / Street address: Folkborgsvägen 17
On Thu, Aug 4, 2016 at 5:58 PM, Richard Frovarp <richard.frovarp at ndsu.edu>
wrote:
> Is there anything built in to IdP v3 that can do login throttling? That
> seems like the one thing that is missing from the
> PasswordAuthnConfiguration. I want to do fail2ban style throttling where I
> block out the remote system instead of the user. This would prevent a
> remote system from doing a DoS against an account, and prevent searching
> for the accounts with a password of "Password1".
>
> I have mod_security available to use. I could use that if I knew of all of
> the URLs where a login could be posted.
>
> Thanks,
>
> Richard
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160804/57d3c635/attachment.html>
More information about the users
mailing list