nursoda
commented
2 years ago This request for enhancement should either be addressed by a separate app (since the IP constraint should affect all 2FA apps) or be handled in the server itself. The server does provide basic functionality already (such as the login routing and backup codes), so it seems reasonable to me to ask for this as security enhancement to /settings/admin/security.
Is it possible to disable the two-factor if the user is in lan ip range or enforce it if the user comes from outside this lan ip range? Some of my friends want to access our server from outside campus, but the server is basically a PC, it wouldn't hold against attacks.