Refactor #22778

Allow admin to opt-out from the Brute-force attack protection

Added by roman plevka 5 months ago. Updated 10 days ago.

Status: Closed
Priority: Normal
Assignee: Marek Hulán
Category: Security
Target version: 1.19.0
Difficulty:
Team Backlog:
Triaged:
Fixed in Releases:
Bugzilla link:
Found in Releases: Nightly
Pull request: https://github.com/theforeman/foreman/pull/5619

Description

Implementation of http://projects.theforeman.org/issues/4238 introduced BFA protection; however, this is not configurable at all (enable/disable, number of retries, blacklist timeout, etc.).

It would be beneficial if I, as an admin, had a way to configure or completely disable the feature.

- e.g. our automation, running on a single Foreman instance, executes multiple tests, one of them being a negative test trying an invalid authentication - this test typically locks the automation out from Foreman access, causing all further tests to fail.


Related issues

Related to Foreman - Feature #4238: Protection from Brute Force Password Attacks Closed 02/03/2014

Associated revisions

Revision 086ed5bd
Added by Marek Hulán about 1 month ago

Fixes #22778 - disableable bruteforce protection

History

#1 Updated by Og Maciel 5 months ago

Please consider adding this RFE as its absence right now blocks QE's automation.

#2 Updated by Marek Hulán 5 months ago

Interesting problem. I see we count to 30 if the login attempt fails. Does that mean that automation tried a wrong password 30 times? Is that a single test that does that? Or what does the automation try to achieve? A workaround might be cleaning the Rails cache, which is normally located at /usr/share/foreman/tmp/. Or you can try running foreman-rake tmp:clear
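
The configurability requested in this ticket (enable/disable, number of retries, timeout), sketched in Ruby as an added example; it is not Foreman's code or the change from the pull request. The class, option names, per-source keying and 300-second window are assumptions, and 30 is the count mentioned in comment #2.

```ruby
# Added illustration, not Foreman's code. Names, per-source keying and the
# 300 s window are assumptions; 30 is the count mentioned in the thread.
class FailedLoginLimiter
  # max_attempts: failures tolerated per source within the window; 0 disables.
  def initialize(max_attempts: 30, window: 300, clock: -> { Time.now.to_f })
    @max_attempts = max_attempts
    @window = window
    @clock = clock
    @failures = {} # source => [count, expires_at]; stands in for a shared cache
  end

  def enabled?
    @max_attempts.positive?
  end

  def blocked?(source)
    enabled? && live_entry(source).first >= @max_attempts
  end

  # Returns :blocked, :ok or :failed. A blocked source is refused before the
  # credentials are even checked, which is what locks out later valid logins.
  def attempt(source, credentials_valid)
    return :blocked if blocked?(source)
    return :ok if credentials_valid
    record_failure(source)
    :failed
  end

  private
  def record_failure(source)
    return unless enabled?
    count, expires_at = live_entry(source)
    @failures[source] = [count + 1, expires_at || @clock.call + @window]
  end

  # Expired entries count as zero, so the block lifts once the window passes.
  def live_entry(source)
    count, expires_at = @failures[source]
    return [0, nil] if count.nil? || @clock.call >= expires_at
    [count, expires_at]
  end
end

# Constructed scenario from the ticket: a negative test, then a valid login.
def simulate(max_attempts:, bad_logins:)
  limiter = FailedLoginLimiter.new(max_attempts: max_attempts)
  bad_logins.times { limiter.attempt("192.0.2.10", false) }
  limiter.attempt("192.0.2.10", true)
end
```

With the limit at 30, thirty failed attempts from one source block the next valid login from that source; with the limit set to 0 the same sequence succeeds because no failures are counted.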

#3 Updated by Marek Hulán 5 months ago

  • Related to Feature #4238: Protection from Brute Force Password Attacks added

#4 Updated by The Foreman Bot about 1 month ago

  • Assignee set to Marek Hulán
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5619 added

#5 Updated by Lukas Zapletal about 1 month ago

  • Legacy Backlogs Release (now unused) set to 353

#6 Updated by Marek Hulán about 1 month ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed
