I’m looking to open up a site with a login portal to the internet, but I’m hoping to avoid the page getting scanned too much and avoid bruteforce attempts on the login. I know there are some solutions that already exist like Fail2Ban, but I’m hoping for something different if it exists.

My thinking is that I’d like to put an IP filter on the page, but that I could “automate” adding IP addresses somehow. I was thinking I could have some sort of authentication server where I could email someone a unique URL that they would click on and provide some kind of information confirming that they’re who they say they are. Once confirmed, the public IP that was used to access the unique URL would be added to a whitelist that would allow access to the login portal.

Is there a service that exists that could do something like this? I had a quick look at Authelia and SuperTokens, but I’m not sure if that’s what I’m looking for.

  • shaunjanssens
    cake
    B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’m using Cloudflare Applications (part of Zero Trust) for this. You can add multiple login methods (email, Google, Facebook, Github, ect) and also IP addresses. I think it’s also possible to accept someone when they request access. It’s very easy to set-up and will also prevent brute force attacks. You can protect a whole application but it’s also possible to protect specific paths.

    • 80ShipsB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Can you restrict access to certain Google accounts?

  • SEND_NUKES_PLSB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Cloudflare Access would be the simplest solution imo. You just add their email address to the whitelist and have them access the site, they’ll have to enter their email and then they will get a one time code sent to their email which then they could authenticate with.