Module for restricting login access to your site to only certain users, protecting against "lazy" brute force attacks and malicious malformed requests to the login form.
A "lazy" brute-force attack can use a large number of non-duplicate IP addresses with relatively infrequent requests (one or two in a few minutes) and cannot be prevented by IP blocking.
This module responds to such behavior by returning error 404 or 403 (you can choose which) to an attacker for any user login-related activity.
As an example of such an attack, we block a known bad User-Agent string:
Typical log event:
The configuration page is available from the Administration > Configuration > User accounts > Login allowlist menu (admin/config/people/login_allowlist).
In addition, User-Agent strings used by attackers (which can also be collected from the module log) can be stored in the block-list to deny further login requests.
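One way to find block-list candidates outside the module, as an added example that is not the module's own code: it groups login POSTs in a web-server access log by User-Agent and shows why a per-IP threshold misses the "lazy" pattern. The "combined" log format, the /user/login path, the thresholds and the sample lines (constructed, with documentation IP ranges and a made-up agent name) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed access-log sample ("combined" format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "POST /user/login HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.21 - - [10/Mar/2024:10:02:41 +0000] "POST /user/login HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
192.0.2.44 - - [10/Mar/2024:10:03:17 +0000] "POST /user/login HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.90 - - [10/Mar/2024:10:05:52 +0000] "POST /user/login HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.8 - - [10/Mar/2024:10:06:30 +0000] "POST /user/login?destination=/admin HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.7 - - [10/Mar/2024:10:09:11 +0000] "POST /user/login HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
192.0.2.200 - - [10/Mar/2024:10:09:40 +0000] "POST /user/login HTTP/1.1" 303 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.200 - - [10/Mar/2024:10:09:41 +0000] "GET /node/1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def login_posts(log_text, login_path="/user/login"):
    """Yield (ip, user_agent) for every POST to the login form."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == login_path:
            yield m["ip"], m["ua"]

def ips_over_limit(log_text, limit=5):
    """Classic per-IP threshold: addresses with more than `limit` login POSTs."""
    counts = Counter(ip for ip, _ in login_posts(log_text))
    return sorted(ip for ip, n in counts.items() if n > limit)

def suspicious_user_agents(log_text, min_ips=4, max_per_ip=2):
    """Agents that hit the login form from many addresses, each staying quiet."""
    per_ua = defaultdict(Counter)  # user agent -> {ip: POST count}
    for ip, ua in login_posts(log_text):
        per_ua[ua][ip] += 1
    return {
        ua: len(ips)
        for ua, ips in per_ua.items()
        if len(ips) >= min_ips and max(ips.values()) <= max_per_ip
    }

if __name__ == "__main__":
    print("per-IP threshold flags:", ips_over_limit(SAMPLE_LOG))
    print("block-list candidates:", suspicious_user_agents(SAMPLE_LOG))
```

Review each reported agent before adding it to the block-list, since a shared corporate browser build can also appear from many addresses.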