Description
I'd love to see some additional logging, at least for a few endpoints, so it's easier to understand if someone is trying to brute-force a login or generally abuse the system.
Proposal
I would like to see the following additions to the instrumentation that currently exists:
- client IP address
- HTTP status, at least on error
I would like to see this done at least for the following routes:
- /account
- /account/password
- /api/v0/account/verify
- /api/v0/account/send-verification
- /login
- /register
Goal
I'd like to write a CrowdSec parser and scenarios to detect brute force and denial of service behaviors so I can feel more comfortable about my self-hosted Atuin server that I've exposed to the public.
I'm willing to do the work for this, but I wanted to make sure it's something that'd be accepted before I put more work into it.
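
Added example, not part of the issue and not Atuin or CrowdSec code: a per-IP leaky-bucket check showing what the two requested fields (client IP, HTTP status) make detectable on the listed routes. The log line format, field names, thresholds and sample lines are constructed assumptions; the server does not emit this format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Routes taken from the proposal above.
WATCHED = {"/account", "/account/password", "/api/v0/account/verify",
           "/api/v0/account/send-verification", "/login", "/register"}

# ASSUMED log format (hypothetical, not what the server emits today).
LINE_RE = re.compile(r"^(?P<ts>\S+) client_ip=(?P<ip>\S+) method=\S+ "
                     r"path=(?P<path>\S+) status=(?P<status>\d{3})$")

# Constructed sample: one noisy client, one slow client, one success, one junk line.
SAMPLE_LOG = (
    [f"2024-05-01T12:00:{s:02d}Z client_ip=203.0.113.7 method=POST path=/login status=401"
     for s in range(7)]
    + [f"2024-05-01T12:{m:02d}:30Z client_ip=198.51.100.20 method=POST path=/login status=401"
       for m in range(3)]
    + ["2024-05-01T12:00:03Z client_ip=192.0.2.5 method=POST path=/login status=200",
       "not a request line"]
)

def parse_line(line):
    """Return (timestamp, ip, path, status), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["ip"], m["path"], int(m["status"])

def detect_bruteforce(lines, capacity=5, leak_seconds=10.0):
    """Leaky bucket per client IP: every 4xx on a watched route adds one drop,
    one drop leaks out per leak_seconds. Returns IPs whose bucket overflowed."""
    level, last_seen, flagged = defaultdict(float), {}, []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # unparseable lines are skipped, not treated as failures
        ts, ip, path, status = event
        if path not in WATCHED or not 400 <= status < 500:
            continue
        if ip in last_seen:  # drain the bucket for the time since the last failure
            elapsed = (ts - last_seen[ip]).total_seconds()
            level[ip] = max(0.0, level[ip] - elapsed / leak_seconds)
        last_seen[ip] = ts
        level[ip] += 1
        if level[ip] > capacity and ip not in flagged:
            flagged.append(ip)
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Without the client IP in the log line there is nothing to key the bucket on, and without the status a failed login cannot be told apart from a successful one.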