Odoo Help


How to avoid Brute Force to log in

on 7/7/15, 10:34 AM 1,153 views

Hi Folks,

I am looking how to secure my server againt brute force attempts to log in.

I am already used fail2ban to secure the ssh access. I would like to use it to check my odoo web interface as well.

Unfortunately  I am not able to find somewhere in the log (/var/log/odoo/odoo.log /var/log/auth.log, ...) a warning when a user keys a wrong password. I don't know where amend the code neither.

If you have any tip for me.


Take a look at openerp/addons/web/controllers/main.py - class: Home - function: web_login. Maybe that could help.

on 7/7/15, 11:40 AM

This would be a very useful module and I am sure that people would pay for this - ask Webkul to develop it.

Hertford Developments Limited, Kurt Haselwimmer
on 12/17/15, 2:20 AM



| 5 4 6
Zagreb | Karlovac, Croatia

there is only 10 kind of people the ones that understand binary ... and others

On 7/10/15, 9:53 AM

Workaround could be to setup some reverse proxy (apache|nginx) with users ssl certificate, 
and if cert is not present on users side you could redirect request to some other page/web/domain... 

combined with password gives you pretty secure server

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 7/7/15, 10:34 AM
Seen: 1153 times
Last updated: 7/10/15, 9:53 AM