Skip to main content
FindLab.Net The time is now. Now is better than never.
  • Home
  • Websites
  • My projects
    • IndexNow
    • SEO Meta Tags
    • Easy XML sitemap
    • IP address blocking
    • Login allowlist
    • Antiscan
    • AbuseIPDB report
    • minicss
  • Why use Backdrop CMS?
  • Contact
  • Home
  • Websites
  • My projects
    • IndexNow
    • SEO Meta Tags
    • Easy XML sitemap
    • IP address blocking
    • Login allowlist
    • Antiscan
    • AbuseIPDB report
    • minicss
  • Why use Backdrop CMS?
  • Contact

Login allowlist

Module to limit login access to your site to only certain users, protect against "lazy" brute force attack and malicious malformed requests to the login form.

A "lazy" brute-force attack can use a large number of non-duplicate IP addresses with relatively infrequent requests (one or two in a few minutes) and cannot be prevented by IP blocking.

This module reacts to such behavior by returning error 404 or 403 (you can select which) to an attacker for any user login related activity

An example of such attack, we block known bad User-Agent string:

Log of attack

Typical log event:

Log event

Configuration page is available via menu Administration > Configuration > User accounts > Login allowlist (admin/config/people/login_allowlist).

Login allowlist settings

Additionally, User-Agent strings used by attackers (also can be collected from the module log) can be stored in block-list to reject further login requests.

Login allowlist settings
  • Project page on Backdrop CMS site
  • Project page on GitHub

Contact me

If you are interested in talking about a project or have a question,

you can write to me here in English, Hebrew or Russian.

© 2023 FindLab.Net. All Rights Reserved.
Powered by Backdrop CMS