Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

0

How to avoid Brute Force to log in

By
OLIVIER INFORMATIQUE
on 7/7/15, 10:34 AM 586 views

Hi Folks,

I am looking how to secure my server againt brute force attempts to log in.

I am already used fail2ban to secure the ssh access. I would like to use it to check my odoo web interface as well.

Unfortunately  I am not able to find somewhere in the log (/var/log/odoo/odoo.log /var/log/auth.log, ...) a warning when a user keys a wrong password. I don't know where amend the code neither.

If you have any tip for me.

Thanks

Take a look at openerp/addons/web/controllers/main.py - class: Home - function: web_login. Maybe that could help.

PY
on 7/7/15, 11:40 AM

This would be a very useful module and I am sure that people would pay for this - ask Webkul to develop it.

Hertford Developments Limited, Kurt Haselwimmer
on 12/17/15, 2:20 AM
0

Bole

--Bole--
2385
| 5 4 6
Zagreb | Karlovac, Croatia
--Bole--

there is only 10 kind of people the ones that understand binary ... and others

Bole
On 7/10/15, 9:53 AM

Workaround could be to setup some reverse proxy (apache|nginx) with users ssl certificate, 
and if cert is not present on users side you could redirect request to some other page/web/domain... 

combined with password gives you pretty secure server

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 7/7/15, 10:34 AM
Seen: 586 times
Last updated: 7/10/15, 9:53 AM