I’m looking to open up a site with a login portal to the internet, but I’m hoping to avoid the page getting scanned too much and avoid bruteforce attempts on the login. I know there are some solutions that already exist like Fail2Ban, but I’m hoping for something different if it exists.
My thinking is that I’d like to put an IP filter on the page, but that I could “automate” adding IP addresses somehow. I was thinking I could have some sort of authentication server where I could email someone a unique URL that they would click on and provide some kind of information confirming that they’re who they say they are. Once confirmed, the public IP that was used to access the unique URL would be added to a whitelist that would allow access to the login portal.
Is there a service that exists that could do something like this? I had a quick look at Authelia and SuperTokens, but I’m not sure if that’s what I’m looking for.
I’m using Cloudflare Applications (part of Zero Trust) for this. You can add multiple login methods (email, Google, Facebook, Github, ect) and also IP addresses. I think it’s also possible to accept someone when they request access. It’s very easy to set-up and will also prevent brute force attacks. You can protect a whole application but it’s also possible to protect specific paths.
Can you restrict access to certain Google accounts?
Cloudflare Access would be the simplest solution imo. You just add their email address to the whitelist and have them access the site, they’ll have to enter their email and then they will get a one time code sent to their email which then they could authenticate with.