Block brute force attack for login

Hi. Is there a way to block brute force?

I usually use fail2ban to ban IP addresses that failed with a 401 status code on login after some attempts, but since Sentry returns 200 even for bad logins, I can’t use that method.

(I enabled 2FA and I don’t want to use SSO.)

I solved this problem with a combination of nginx rate limiting and the fail2ban nginx-limit-req module.

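The combination described in the last post could look like the following; this is an added example, not the poster's actual configuration. The login path `/auth/login/`, the upstream `127.0.0.1:9000`, the zone name, the file locations and all thresholds are assumptions.

```shell
#!/bin/sh
# Added example. The login path, upstream address, zone name, file locations
# and thresholds are assumptions; adjust them to your install.

# write_login_throttle PREFIX
# Writes the three files under PREFIX (use a scratch dir to review first).
write_login_throttle() {
    prefix=$1
    mkdir -p "$prefix/etc/nginx/conf.d" "$prefix/etc/nginx/snippets" \
             "$prefix/etc/fail2ban/jail.d" || return 1

    # http{} context: per-client-IP zone, 12 requests per minute.
    # Behind another proxy, $binary_remote_addr is that proxy's address.
    cat > "$prefix/etc/nginx/conf.d/sentry-login-zone.conf" <<'EOF'
limit_req_zone $binary_remote_addr zone=sentry_login:10m rate=12r/m;
EOF

    # Include inside the Sentry server{} block. Rejected requests are written
    # to the nginx error log as "limiting requests, excess: ...".
    cat > "$prefix/etc/nginx/snippets/sentry-login-limit.conf" <<'EOF'
location /auth/login/ {
    # repeat the proxy_set_header lines from your existing "location /"
    limit_req zone=sentry_login burst=5 nodelay;
    limit_req_status 429;
    proxy_pass http://127.0.0.1:9000;
}
EOF

    # fail2ban's stock nginx-limit-req filter reads those error-log lines,
    # so the ban does not depend on the application's HTTP status code.
    cat > "$prefix/etc/fail2ban/jail.d/sentry-login.local" <<'EOF'
[nginx-limit-req]
enabled  = true
filter   = nginx-limit-req
port     = http,https
logpath  = /var/log/nginx/error.log
findtime = 600
maxretry = 10
bantime  = 3600
EOF
}

# Run as: sh this-script.sh /tmp/review   (then copy into place, reload both)
if [ $# -gt 0 ]; then
    write_login_throttle "$1"
fi
```

With these values, a client is banned for an hour once nginx has rejected 10 of its login requests within 10 minutes.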