Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

brute force protection for Nextcloud APIs #437

Closed
schiessle opened this issue Jul 18, 2016 · 5 comments
Closed

brute force protection for Nextcloud APIs #437

schiessle opened this issue Jul 18, 2016 · 5 comments
Labels
enhancement security

Comments

@schiessle
Copy link
Member

As discussed last week in Stuttgart with @LukasReschke, it would be nice to have some kind of brute force protection for OCS/REST APIs. Maybe with a decorator where you can enable/disable it at the controller.
@ChristophWurst
Copy link
Member

dup of #270?

@rullzer
Copy link
Member

rullzer commented Jul 19, 2016

I agree it would be nice. But I still think protection here is better done on a firewall level. A lot of work has already been done at this point which makes DoS attacks way easier then if blocking would happen at the firewall level.

@LukasReschke LukasReschke mentioned this issue Jul 20, 2016
Open
@jknockaert
Copy link
Contributor

@rullzer Protection should ideally be done at the firewall level as I already argued in #270.
@ChristophWurst Ja this is a dup.

@jknockaert
Copy link
Contributor

@LukasReschke I notice that this feature is to be implemented for 10. It would be good to consolidate the earlier thinking on this topic and link back. There's been discussion on the repo in #270, as well as on the forum.

@rullzer
Copy link
Member

rullzer commented Jul 21, 2016

This is in #479
The logging that is done there coud be fed to fail2ban for example.

@rullzer rullzer closed this as completed Jul 21, 2016
@nextcloud-bot nextcloud-bot mentioned this issue Nov 7, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Nov 29, 2018
Closed
@AveryPalmer AveryPalmer mentioned this issue Dec 1, 2023
Open
@kaocher82 kaocher82 mentioned this issue Dec 1, 2023
Open
@gisforgirard gisforgirard mentioned this issue Dec 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rullzer @LukasReschke @ChristophWurst @schiessle @jknockaert