feature: throttle sandbox authentication requests
Implement controls against:
- Password spray attack (track by source IP address)
- Password brute-force attack (track by user identity)
Upon the detection of the above attack, the offending IP/identity should be blocked for a period of time, e.g. 15 minutes.
Record username and source IP address.
- Block source IP address that failed auth 10+ times within 2 minute period across multiple usernames
- Block username who failed auth 5+ times within 5 minute period having same source IP address
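An added example, not code from caddy-security or from this issue's authors: the two rules above as an in-memory sliding-window tracker in Go. The names `Throttle`, `Allow` and `RecordFailure` are my own, and it assumes the caller passes the real client IP (not an upstream proxy's address) and the current time.

```go
package main

import (
	"sync"
	"time"
)

// Thresholds from the request above: 10+ failures from one IP within 2 min across several usernames (spray), 5+ for one username from one IP within 5 min (brute force).
const ipMax, ipWindow, userMax, userWindow = 10, 2 * time.Minute, 5, 5 * time.Minute
const blockFor = 15 * time.Minute
type failure struct{ at time.Time; ip, user string }
type Throttle struct {
	mu       sync.Mutex
	failures []failure            // recent failed logins, appended in time order
	blocked  map[string]time.Time // "ip:<addr>" or "user:<name>" -> block expiry
}
func NewThrottle() *Throttle { return &Throttle{blocked: map[string]time.Time{}} }
// Allow reports whether an attempt from ip for user may proceed at time now.
func (t *Throttle) Allow(ip, user string, now time.Time) bool {
	t.mu.Lock()
	defer t.mu.Unlock()
	return now.After(t.blocked["ip:"+ip]) && now.After(t.blocked["user:"+user])
}
// RecordFailure stores a failed attempt and returns true if it triggered a block.
func (t *Throttle) RecordFailure(ip, user string, now time.Time) bool {
	t.mu.Lock()
	defer t.mu.Unlock()
	t.failures = append(t.failures, failure{now, ip, user})
	for len(t.failures) > 0 && t.failures[0].at.Before(now.Add(-userWindow)) {
		t.failures = t.failures[1:] // forget entries older than the longest window
	}
	fromIP, users, sameIPUser := 0, map[string]bool{}, 0
	for _, f := range t.failures {
		if f.ip == ip && !f.at.Before(now.Add(-ipWindow)) {
			fromIP++
			users[f.user] = true
		}
		if f.ip == ip && f.user == user {
			sameIPUser++
		}
	}
	blocked := false
	if fromIP >= ipMax && len(users) > 1 { // password spray from this IP
		t.blocked["ip:"+ip], blocked = now.Add(blockFor), true
	}
	if sameIPUser >= userMax { // brute force against this account
		t.blocked["user:"+user], blocked = now.Add(blockFor), true
	}
	return blocked
}
```

State lives in one process, so several Caddy instances would each see only their own share of the failures; that is where an external, shared bouncer fits.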
You should consider a way to disable this if the user wants to rely on external solutions. It would also be great if Caddy-security could provide an integration for Crowdsec. It already exists with caddy-crowdsec-bouncer for Caddy but integrating it for Caddy-security may simplify the setup?
> You should consider a way to disable this if the user wants to rely on external solutions.
@LeonardMeyer , good point! 👍
> It would also be great if Caddy-security could provide an integration for Crowdsec. It already exists with caddy-crowdsec-bouncer for Caddy but integrating it for Caddy-security may simplify the setup?
idk yet.