Closed
Bug 1722612
Opened 3 years ago
Closed 3 years ago
Add support for sending IP addresses of authentication failures and abusive behavior to the iprepd API for rate limiting
Categories
(bugzilla.mozilla.org :: General, enhancement)
bugzilla.mozilla.org
General
Tracking
()
RESOLVED
FIXED
People
(Reporter: dkl, Assigned: dkl)
Details
Using a client secret, we will send authentication failures to the iprepd API endpoint from BMO. iprepd can then be setup to rate limit these failures for us without doing so in BMO. This can help with brute force attacks against BMO accounts and possibly other cases.
Assignee | ||
Updated•3 years ago
|
Summary: Add support for sending auth failures based on IP address to the iprepd API for rate limiting → Add support for sending IP addresses of authentication failures and abusive behavior to the iprepd API for rate limiting
Assignee | ||
Comment 1•3 years ago
|
||
- needs config options for endpoint url and client secret.
- Categories: user/pass, api-key, token, cookie, 2fa
Assignee | ||
Comment 2•3 years ago
|
||
Merged with master. Will need to get with iprepd folks to set up the new policies.
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•