Desired feature: Permitted Countries for Management
Posted: 08 May 2014, 02:05
One thing I am noticing on my server is that almost all the blocks for certain administrative services that end up being blocked are outside of the country where those that manage my server are located. SSH, SMTP, POP, FTP, and accessing CPanel URLS for example should never be done except by people who have authority to log in and use those servers, and those people are coming from either known IPs or known countries.
For example, if my server is being maintained for a customer in Mexico, it is not appropriate for any user to be able to connect to an administrative function of the server (even if their credentials are valid) from Italy.
I would love to be able to specify a list of countries for which server access to management functions is permissible, and if an attempt is made to access management functions outside of the list of permitted countries, I'd like to have the IP blocked.
This way, even if the login credentials are valid, the IP would be blocked merely on account of the fact that someone not in a permitted country is trying to access that service.
This would be especially helpful in blocking immediately any ssh, smtp, or ftp logins from hacker-heavy countries such as China and Russia.
What would be even especially cool is if the csf could be aware of whatever web service URL is used for login. It would be cool to be able to immediately block any IP from a non permitted country that tries to access wp-login.php on a wordpress site, for example.
Just a suggestion - I hope it's a cool idea to you too!
Mike
For example, if my server is being maintained for a customer in Mexico, it is not appropriate for any user to be able to connect to an administrative function of the server (even if their credentials are valid) from Italy.
I would love to be able to specify a list of countries for which server access to management functions is permissible, and if an attempt is made to access management functions outside of the list of permitted countries, I'd like to have the IP blocked.
This way, even if the login credentials are valid, the IP would be blocked merely on account of the fact that someone not in a permitted country is trying to access that service.
This would be especially helpful in blocking immediately any ssh, smtp, or ftp logins from hacker-heavy countries such as China and Russia.
What would be even especially cool is if the csf could be aware of whatever web service URL is used for login. It would be cool to be able to immediately block any IP from a non permitted country that tries to access wp-login.php on a wordpress site, for example.
Just a suggestion - I hope it's a cool idea to you too!
Mike
