TandoorRecipes / recipes

Application for managing recipes, planning meals, building shopping lists and much much more!
https://docs.tandoor.dev

Use a non 200 code for failed login attempts #3058

Open AnderssonPeter opened 6 months ago

AnderssonPeter commented 6 months ago

Is your feature request related to a problem? Please describe.

Security

Describe the solution you'd like

Hi, I'm trying to lock down my network by using a fail2ban plugin for my reverse proxy (Traefik), but for it to be able to detect incorrect sign-in attempts it would need a non-200 HTTP code.

Is there some way to configure it to return something different than 200 when the username or password is incorrect?

Describe alternatives you've considered

No response

Additional context

No response

AnderssonPeter commented 6 months ago

If I read the codebase correctly, it's based on Django? I found the following post providing a possible solution: https://code.djangoproject.com/ticket/24465 but I'm a bit unsure where to add it.

smilerz commented 6 months ago

Unlikely to change the default Django behavior.

AnderssonPeter commented 6 months ago

@smilerz It could be hidden behind a cli or environment flag if that helps?

vabene1111 commented 6 months ago

Auth is provided by https://docs.allauth.org/en/latest/ in Tandoor. Feel free to take a look if they have a setting for status codes and I can implement them, although I am pretty sure that somebody had a reason to choose the status code they did, so please also evaluate what's best practice in this field.

Also, allauth already has built-in rate limiting functionality, so putting fail2ban in front of it is not really necessary.
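As an added example (not code from this issue or from Tandoor), here is the kind of check the fail2ban setup described in the first post would have to run over Traefik access-log lines: it can only count a login POST as a failure when the status code is not 200, which is why a 200 on bad credentials leaves it blind. The log lines are constructed, and the login path /accounts/login/ and the 401/403 failure statuses are assumptions, not settings taken from the project.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Traefik's default CLF-style access log format
# (simplified: the trailing Traefik-specific fields are omitted). The first
# client gets 200 on every bad login and is invisible to the counter; the
# second gets 401 and is caught. The login path is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /accounts/login/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2024:10:00:05 +0000] "POST /accounts/login/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2024:10:00:09 +0000] "POST /accounts/login/ HTTP/1.1" 200 5120
198.51.100.4 - - [10/Jan/2024:10:00:12 +0000] "POST /accounts/login/ HTTP/1.1" 401 5120
198.51.100.4 - - [10/Jan/2024:10:00:15 +0000] "POST /accounts/login/ HTTP/1.1" 401 5120
198.51.100.4 - - [10/Jan/2024:10:00:20 +0000] "POST /accounts/login/ HTTP/1.1" 401 5120
198.51.100.4 - - [10/Jan/2024:10:00:25 +0000] "POST /accounts/login/ HTTP/1.1" 302 0
"""

# Client IP, timestamp, method, path and status from one CLF-style line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def failed_logins(log_text, login_path="/accounts/login/", fail_statuses=(401, 403)):
    """Yield (ip, timestamp) for each POST to the login path whose status marks a failure."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue
        if int(m["status"]) in fail_statuses:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT)


def ips_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Sliding-window count in the spirit of fail2ban's maxretry/findtime.

    Returns the set of IPs that reached maxretry failures within findtime.
    """
    window = defaultdict(list)
    banned = set()
    for ip, ts in failed_logins(log_text):
        hits = [t for t in window[ip] if ts - t <= findtime]
        hits.append(ts)
        window[ip] = hits
        if len(hits) >= maxretry:
            banned.add(ip)
    return banned
```

The successful login (302) is deliberately not counted, so the threshold only reflects genuine failures.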