bireme / fi-admin

Administration interface and API for Informations Sources

Implement login control to prevent brute-force attack #1450

Open viniciusandrade opened 3 months ago

viniciusandrade commented 3 months ago

CM-PAHO-EXT-08. It is recommended to block the attacker IP address incrementally. An example of this measure is as follows: The first time that an attack of this type is detected, the IP address is blocked for 15 minutes, the second time a block is applied for 30 minutes and the third time a permanent block is applied.

viniciusandrade commented 3 months ago

Implemented in https://github.com/bireme/fi-admin/commit/ccd3493d418315990bac867cac09c14b6fd0b704

viniciusandrade commented 2 months ago

Verified that, due to the use of a proxy, the user's IP is not being passed to the application. Making adjustments to get the IP from another environment variable.
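A sketch of the incremental block from CM-PAHO-EXT-08 (15 minutes, 30 minutes, then permanent) combined with client IP resolution behind a proxy, as raised in the last comment. This is an added example, not code from the fi-admin commit or from any participant in this issue. The failure threshold, the trusted proxy range, the use of an `X-Forwarded-For` style header, and all function and class names are assumptions.

```python
import ipaddress

# Assumed values: the recommendation gives only the block durations, not the
# failure threshold or the proxy addresses.
MAX_FAILURES = 5                      # failed logins that count as one detection
BLOCK_SECONDS = [15 * 60, 30 * 60]    # 1st and 2nd detection; 3rd is permanent
PERMANENT = float("inf")
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # constructed example


def client_ip(remote_addr, forwarded_for=None):
    """Return the client IP, honouring the forwarded header only from a trusted proxy."""
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        # Walk right to left: the rightmost untrusted hop is the one our proxy saw.
        for hop in reversed([h.strip() for h in forwarded_for.split(",")]):
            try:
                addr = ipaddress.ip_address(hop)
            except ValueError:
                break  # malformed entry: fall back to the peer address
            if not any(addr in net for net in TRUSTED_PROXIES):
                return str(addr)
    return str(peer)


class LoginThrottle:
    def __init__(self):
        self.failures = {}       # ip -> failures since the last block
        self.detections = {}     # ip -> number of blocks applied so far
        self.blocked_until = {}  # ip -> unix time, or PERMANENT

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Count a failed login; return the block length applied, or 0."""
        if self.is_blocked(ip, now):
            return 0
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < MAX_FAILURES:
            return 0
        self.failures[ip] = 0
        n = self.detections[ip] = self.detections.get(ip, 0) + 1
        length = BLOCK_SECONDS[n - 1] if n <= len(BLOCK_SECONDS) else PERMANENT
        self.blocked_until[ip] = now + length
        return length

    def record_success(self, ip):
        self.failures.pop(ip, None)  # detections are kept so escalation persists
```

Without the trusted-proxy check, every login behind the proxy shares the proxy's address and one attacker locks out all users, while blindly trusting the leftmost header entry lets a client choose which address gets blocked.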