- Posts: 48
- Thank you received: 1
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Despite I added the OTP feature to avoid the blacklist securely, sometimes administrators are blocked and they can't access to the site. Imagine what happens when someone with low experience in Joomla is blocked... This is why I added the whitelist. They can list their IPs there so always can access to the site. Take note that ips are not added automatically: must be added by an administrator.In a firewall component, why would you ever set anything to whitelist anything automatically?
Yes, it's a good idea. In fact, the first thing that the firewall checks is if the ip is in whitelist. In this case no action is taken.In your opinion, is adding a feature so that the firewall automatically checks whitelisted IPs and does not add the attempt to the log, not a good idea?
I have seen this bahaviour in other security products, but setting this in SCP would require a complete refactor of some code. I plan to add more info when someone is blocked in a future (for example the message will show the ip so the administrator can easily unblock it in case of a false positive). Maybe I could also add your suggestion "Please visit again after X minutes and try again." if someone is blocked by dynamic blacklist.Related to this topic, is there a setting in SCP which would display a message in the login panel that says "You have X number of login attempts left before you will be blocked."? And maybe also, after they are blocked, display another message which says "Please visit again after X minutes and try again."
Please Log in or Create an account to join the conversation.
Despite I added the OTP feature to avoid the blacklist securely, sometimes administrators are blocked and they can't access to the site. Imagine what happens when someone with low experience in Joomla is blocked... This is why I added the whitelist. They can list their IPs there so always can access to the site. Take note that ips are not added automatically: must be added by an administrator.
Yes, it's a good idea. In fact, the first thing that the firewall checks is if the ip is in whitelist. In this case no action is taken.
Please Log in or Create an account to join the conversation.
In order to provide you with the best online experience this website uses cookies. Delete cookies
By using our website, you agree to our use of cookies.