You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Im trying to secure my Tautulli but allow public access for guests and newsletters. Currently brute force of the admin account could occur.
What is your feature request?
There are two items that could really help with securing the server:
Allow the admin user to be disabled when plex auth is enabled, so that the plex admin/owner user is the only admin in the system (of course this could be undone in the config ini if access was needed again)
Store the IP address of the person connecting to Tautulli in the tautulli.log file, this will mean we can use tools like fail2ban to ban an IP thats brute forcing passwords, this would need to take into account X-Forward-For if anyone has Tautulli behind a reverse proxy (I do this as i only have 1 public IP and can split to different servers by dns name), currently the log line is DEBUG :: CP Server Thread-6 : Tautulli WebAuth :: Invalid user login attempt from 'admin'. (also maybe make the failures non DEBUG but actual INFO or WARN)
Are there any workarounds?
As a work around im editing the login.html and removing the content inside the Tautulli Login (username/password/sign in button)
Additional Context
No response
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem?
Im trying to secure my Tautulli but allow public access for guests and newsletters. Currently brute force of the admin account could occur.
What is your feature request?
There are two items that could really help with securing the server:
Allow the admin user to be disabled when plex auth is enabled, so that the plex admin/owner user is the only admin in the system (of course this could be undone in the config ini if access was needed again)
Store the IP address of the person connecting to Tautulli in the tautulli.log file, this will mean we can use tools like fail2ban to ban an IP thats brute forcing passwords, this would need to take into account X-Forward-For if anyone has Tautulli behind a reverse proxy (I do this as i only have 1 public IP and can split to different servers by dns name), currently the log line is DEBUG :: CP Server Thread-6 : Tautulli WebAuth :: Invalid user login attempt from 'admin'. (also maybe make the failures non DEBUG but actual INFO or WARN)
Are there any workarounds?
As a work around im editing the login.html and removing the content inside the Tautulli Login (username/password/sign in button)
Additional Context
No response
The text was updated successfully, but these errors were encountered: