bruteforcesettings
View status of an IP address from web UI
Goal
Allow an admin to specify an IP address of interest in the Web UI to look up its BFP status and view a summary of its attempts history.
Details
An existing command (occ security:bruteforce:attempts) already provides this capability from the command-line. The same information should be available from the web UI (via the BFP settings app) for ease of day-to-day access by admins that prefer the Web UI (or that lack command-line access).
The operator will only need to specify the IP address of interest in order to query the details desired.
Implementation
No changes in the BFP implementation itself are required (i.e. this enhancement will not touch server). All changes will take place in the bruteforcesettings app itself.
Existing occ command (model)
The existing occ command is implemented in https://github.com/nextcloud/server/blob/master/core/Command/Security/BruteforceAttempts.php.
Output of `occ security:bruteforce:attempts --help`
Description:
lists bruteforce attempts for given IP address
Usage:
security:bruteforce:attempts [options] [--] <ipaddress> [<action>]
Arguments:
ipaddress IP address for which the attempts are to be listed
action Only count attempts for the given action
Example current output from occ security:bruteforce:attempts <IP_address> includes:
- bypass-listed: false
- attempts: 5
- delay: 3200
How the output changes can be easily tested by entering an invalid password several times in a row and monitoring how the output changes. This same information should be presented in the web UI, albeit in a more "web UI appropriate" manner.
If needed for additional context, refer to the utilized public and private APIs.
Probably out of scope:
- Looking up an IP range (i.e. subnet/CIDR block) rather than just a single IP address
  - Caveat: Though we do need to make sure we support IPv6 too, which is based on a `/64` boundary
Out of scope:
- Specifying actions: Since actions aren't generally documented they're unlikely to be known by non-developers. So there is no need to permit limiting queries by action in the Web UI at this time.
- Summarizing attempts by time period (e.g. last 48h, last 24h, last 8h, last 30m)
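An added example, not part of the original issue or of Nextcloud's code: one way the app's backend could validate the admin-supplied value and resolve it to the subnet the lookup applies to, assuming (per the caveat above) that IPv6 is handled on a `/64` boundary. The function name `bfpLookupSubnet`, the treatment of IPv4-mapped addresses, and the sample addresses are assumptions of this example.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Nextcloud API): validate the value typed into
 * the lookup field and return the subnet whose BFP status would be shown.
 * Assumption taken from the issue's caveat: IPv6 is handled per /64.
 */
function bfpLookupSubnet(string $input): string {
    $ip = trim($input);
    // Accept exactly one address: CIDR ranges, hostnames and zone ids fail here.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('Expected a single IPv4 or IPv6 address');
    }
    $packed = inet_pton($ip); // 4 bytes for IPv4, 16 bytes for IPv6
    if (strlen($packed) === 4) {
        return inet_ntop($packed) . '/32';
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d): this example treats it as the IPv4 client.
    if (substr($packed, 0, 12) === str_repeat("\x00", 10) . "\xff\xff") {
        return inet_ntop(substr($packed, 12)) . '/32';
    }
    // Keep the first 64 bits and zero the interface identifier.
    return inet_ntop(substr($packed, 0, 8) . str_repeat("\x00", 8)) . '/64';
}

// Constructed sample inputs (documentation address ranges only).
$samples = [
    '192.0.2.7',
    '2001:db8:1:2:aaaa:bbbb:cccc:dddd',
    '2001:db8:1:2::1',   // same /64 as the previous entry
    '::ffff:192.0.2.7',  // IPv4-mapped form of the first entry
    '192.0.2.0/24',      // range lookup is out of scope, so it is rejected
    'fe80::1%eth0',      // zone id is not a plain address
    'not-an-ip',
];
foreach ($samples as $sample) {
    try {
        printf("%-34s => %s\n", $sample, bfpLookupSubnet($sample));
    } catch (InvalidArgumentException $e) {
        printf("%-34s => rejected (%s)\n", $sample, $e->getMessage());
    }
}
```

Showing the resolved subnet next to the result tells the admin that two different IPv6 addresses in the same `/64` share one attempts record.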
+1
would be awesome to see all current entries within the webui