Closed Bug 1722612 Opened 3 years ago Closed 3 years ago

Add support for sending IP addresses of authentication failures and abusive behavior to the iprepd API for rate limiting

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

Details

David Lawrence [:dkl]

Assignee

Description

•

3 years ago

Using a client secret, we will send authentication failures to the iprepd API endpoint from BMO. iprepd can then be setup to rate limit these failures for us without doing so in BMO. This can help with brute force attacks against BMO accounts and possibly other cases.

David Lawrence [:dkl]

Assignee

Updated

•

3 years ago

Summary: Add support for sending auth failures based on IP address to the iprepd API for rate limiting → Add support for sending IP addresses of authentication failures and abusive behavior to the iprepd API for rate limiting

David Lawrence [:dkl]

Assignee

Comment 1

•

3 years ago

needs config options for endpoint url and client secret.
Categories: user/pass, api-key, token, cookie, 2fa

David Lawrence [:dkl]

Assignee

Comment 2

•

3 years ago

Merged with master. Will need to get with iprepd folks to set up the new policies.

Status: ASSIGNED → RESOLVED

Closed: 3 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Add support for sending IP addresses of authentication failures and abusive behavior to the iprepd API for rate limiting

Categories

(bugzilla.mozilla.org :: General, enhancement)

Tracking

()

People

(Reporter: dkl, Assigned: dkl)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2