LuCI brute force protection

Does LuCI have any brute force protection by default? If not, how can I protect it?

I searched via Google and found many recommendations to use Fail2Ban, but it blocks IPs, doesn’t it? On a LAN it won’t work, or am I wrong?

On the LAN side you place your untrusted devices on a "guest" subnet which has no access to the router at all.

Disable it, and only enable it when you need it?

Or bind to localhost only, and tunnel the traffic via SSH to be able to access it.

Not so radical :sweat_smile:

In fact, a cooldown (like the iPhone does) when a wrong password is entered many times will be enough.

There's no fw in front of the web server, and uhttpd probably doesn't have the features you'd need to make it happen.

