OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1720 Commits
13 Branches
0 Tags
45 MiB
Tree: ab1e2678ae
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ab1e2678ae'
${ noResults }
server-tools/auth_brute_force/README.rst

111 lines
3.6 KiB
Raw Normal View History

rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
rename module;
9 years ago
[MIG] auth_brute_force: Migration to 10.0
7 years ago
  1. .. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
  2. :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
  3. :alt: License: AGPL-3
  5. ===============================================================
  6. Tracks Authentication Attempts and Prevents Brute-force Attacks
  7. ===============================================================
  9. This module registers each request done by users trying to authenticate into
  10. Odoo. If the authentication fails, a counter is increased for the given remote
  11. IP. After a defined number of attempts, Odoo will ban the remote IP and
  12. ignore new requests.
  13. This module applies security through obscurity
  14. (https://en.wikipedia.org/wiki/Security_through_obscurity),
  15. When a user is banned, the request is now considered as an attack. So, the UI
  16. will **not** indicate to the user that his IP is banned and the regular message
  17. 'Wrong login/password' is displayed.
  19. This module realizes a call to a web API (http://ip-api.com) to try to have
  20. extra information about remote IP.
  22. Configuration
  23. =============
  25. Once installed, you can change the ir.config_parameter value for the key
  26. 'auth_brute_force.max_attempt_qty' (10 by default) that define the max number
  27. of attempts allowed before the user was banned.
  29. Usage
  30. =====
  32. Admin user have the possibility to unblock a banned IP.
  34. Logging
  35. -------
  37. This module generates some WARNING logs, in the three following cases:
  39. * Authentication failed from remote '127.0.0.1'. Login tried : 'admin'.
  40. Attempt 1 / 10.
  42. * Authentication failed from remote '127.0.0.1'. The remote has been banned.
  43. Login tried : 'admin'.
  45. * Authentication tried from remote '127.0.0.1'. The request has been ignored
  46. because the remote has been banned after 10 attempts without success. Login
  47. tried : 'admin'.
  49. Screenshot
  50. ----------
  52. **List of Attempts**
  54. .. image:: /auth_brute_force/static/description/screenshot_attempts_list.png
  56. **Detail of a banned IP**
  58. .. image:: /auth_brute_force/static/description/screenshot_custom_ban.png
  61. .. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
  62. :alt: Try me on Runbot
  63. :target: https://runbot.odoo-community.org/runbot/149/10.0
  65. For further information, please visit:
  67. * https://www.odoo.com/forum/help-1
  69. Known issues / Roadmap
  70. ======================
  72. * The ID used to identify a remote request is the IP provided in the request
  73. (key 'REMOTE_ADDR').
  74. * Depending of server and / or user network configuration, the idenfication
  75. of the user can be wrong, and mainly in the following cases:
  76. * If the Odoo server is behind an Apache / NGinx proxy without redirection,
  77. all the request will be have the value '127.0.0.1' for the REMOTE_ADDR key;
  78. * If some users are behind the same Internet Service Provider, if a user is
  79. banned, all the other users will be banned too;
  81. Bug Tracker
  82. ===========
  84. Bugs are tracked on `GitHub Issues
  85. <https://github.com/OCA/server-tools/issues>`_. In case of trouble, please
  86. check there if your issue has already been reported. If you spotted it first,
  87. help us smash it by providing detailed and welcomed feedback.
  89. Credits
  90. =======
  92. Contributors
  93. ------------
  95. * Sylvain LE GAL (https://twitter.com/legalsylvain)
  96. * David Vidal <david.vidal@tecnativa.com>
  98. Maintainer
  99. ----------
  101. .. image:: https://odoo-community.org/logo.png
  102. :alt: Odoo Community Association
  103. :target: https://odoo-community.org
  105. This module is maintained by the OCA.
  107. OCA, or the Odoo Community Association, is a nonprofit organization whose
  108. mission is to support the collaborative development of Odoo features and
  109. promote its widespread use.
  111. To contribute to this module, please visit https://odoo-community.org.