Skip to main content
FindLab.Net The time is now. Now is better than never.
  • Home
  • Websites
  • My projects
    • SEO Meta Tags
    • Easy XML sitemap
    • IndexNow
    • IP Address Blocking
    • Antiscan
    • Login allowlist
    • AbuseIPDB report
    • minicss
  • Why use Backdrop CMS?
  • Contact
  • Home
  • Websites
  • My projects
    • SEO Meta Tags
    • Easy XML sitemap
    • IndexNow
    • IP Address Blocking
    • Antiscan
    • Login allowlist
    • AbuseIPDB report
    • minicss
  • Why use Backdrop CMS?
  • Contact

Login allowlist

Module for restricting login access to your site to only certain users, protecting against "lazy" brute force attacks and malicious malformed requests to the login form.

A "lazy" brute-force attack can use a large number of non-duplicate IP addresses with relatively infrequent requests (one or two in a few minutes) and cannot be prevented by IP blocking.

This module responds to such behavior by returning error 404 or 403 (you can choose which) to an attacker for any user login-related activity.

An an example of such an attack, we block known bad User-Agent string:

Log of attack

Typical log event:

Log event

The configuration page is available from the Administration > Configuration > User accounts > Login allowlist menu (admin/config/people/login_allowlist).

Login allowlist settings

In addition, User-Agent strings used by attackers (which can also be collected from the module log) can be stored in the block-list to deny further login requests.

Login allowlist settings
  • Project page on Backdrop CMS site
  • Project page on GitHub

Contact me

If you are interested in discussing a project or have a question,

you can write to me via email

Or use the form below:

AbuseIPDB Contributor Badge
© 2025 FindLab.Net. All Rights Reserved.
Powered by Backdrop CMS
Written by human, not by AI