Nick Couchman created GUACAMOLE-2144:
----------------------------------------
Summary: Allow auth-ban to factor in usernames to lockout
Key: GUACAMOLE-2144
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2144
Project: Guacamole
Issue Type: New Feature
Components: guacamole-auth-ban
Reporter: Nick Couchman
Per the discussion on the user@ mailing list, there are situations where it
would be useful to allow the auth-ban module to factor in username, either
instead of or in combination with IP address. This can be useful in situations
where Guacamole cannot see the actual client IP address because it is hidden
behind a load balancer or VPN connection that obfuscates that information. (In
my day job, we use Zscaler to do VPN connectivity, and the IP address that the
Guacamole server sees is always one of the Zscaler Private Access (ZPA)
endpoints, and never the actual client IP.)
The default behavior of the module should remain as-is, where only the IP
address is factored in, as this is the most useful option, but allowing for
configurability of the combination of username and IP would help folks in other
situations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
