On Mon, Sep 22, 2025 at 7:22 PM Ares Li <[email protected]> wrote: > Hello community, > > I know in 1.6.0 the failed login attempts will ban the IP by default, but > this would not make sense in the scenario that users are under VPN. I am > wondering if we (will) support banning username instead of a public facing > IP. > > Hello, Ares, Your point is well-taken that it would probably be useful to have a feature, either in the JDBC module or in the Ban module, to lock out accounts based on failed login attempts, as is common for authentication systems. I actually thought we already had that functionality in the JDBC account, but apparently I was mistaken, so I think a feature request and work to implement that would be in order.
-Nick >
