restrict user by location?

Discussion in 'General' started by vmos, Feb 14, 2013.

  1. vmos

    vmos Member

    Good morning, we use ispconfig on many of our servers, but only as standalone instances. On each of these we've restricted access to the admin interface on our firewall and also with iptables.
    We're giving some thought to using a clustered setup for our DNS and/or mail and we want to open the interface to give users access to manage their own DNS and that.
    One of the potential problems with that potentially somebody could brute force the admin login and then get access to everything.

    Sure we can use fail2ban to reduce the likelihood of this but is there anyway to eliminate the option entirely?

    Either say that the admin user can only log in from a certain IP or can only log in to a certain server in the cluster, and then we'd restrict access to that server?
     
  2. till

    till Super Moderator

    You can not brute force the ispconfig admin login as ispconfig blocks IP's aftersome failed login attempts automatically. Fail2ban is not required for that.

    The ispconfig login is a normal apache vhost, so you can use all kin of restrictions that are available for apache vhosts as additional protection.
     
  3. vmos

    vmos Member

    what we want is to make the login interface generally available, just not have the option to login as admin on the public interface, I'm not aware of how to do that via apache.

    What method does ispconfig use to block brute force attempts other than fail2ban?
     
  4. till

    till Super Moderator

    It tracks and blocks logins internally.
     

Share This Page