Hi Ahmed, We have a feature to restrict no. of user logins before the user is locked/disabled via the global setting incorrect.login.attempts.allowed. If you've comfortable with frontend programming, you can extend the VueJS based UI to implement/add the recaptcha solution (send a PR too!).
In addition, we've a feature to limit API calls by a user that I've not tested but according to codebase there are these settings available to configure it: api.throttling.max, api.throttling.enabled, api.throttling.interval and api.throttling.cachesize - kindly test if it's useful for your use-case. CloudStack lacks a general-purpose 2FA framework (backend/frontend or both), however, off-the-shelf 3rd party solutions do exist for bot-defence. For example, Cloudflare has a reverse-proxy based solution https://www.cloudflare.com/products/bot-management/ The way it works is that you use the Cloudflare DNS and enable option to proxy via CloudFlare, which will prompt spammers/bots/malicious users to show a captcha or human check (some puzzle or human challenge like select pics that have bikes etc) and if they only pass they'll be allowed to use the resource (i.e. the website url). You may experiment with solutions too as an immediate fix. Regards. ________________________________ From: ahmed jabbar <ahmedam...@gmail.com> Sent: Saturday, July 24, 2021 03:47 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: implement an authentication challenge method (such as Recaptcha) in the CloudStack UI Hi Nicolas, Thank you very much for your reply, Regarding ReCAPTCHA function it self it is simple , It’s just a standard script in html can be included in any web page including ReCAPTCHA api valid account can be registered in https://developers.google.com/recaptcha/intro But the question is how to include the script of ReCAPTCHA in cloudstack login page UI? And test it successfully. So now I invite the users if any body can deploy and test it in cloudstack as a paid task, If any body interested in this task, please contact me on my email. Thank you very much Ahmed. > On 23 Jul 2021, at 8:27 PM, Nicolas Vazquez <nicolas.vazq...@shapeblue.com> > wrote: > > Hi Ahmed, > > I'm not aware about any work on it. I noticed there are some components > listed on Awesome Vue (https://github.com/vuejs/awesome-vue) which can be > used to integrate reCaptcha into CloudStack: > > https://github.com/drozdzynski/vue-grecaptcha > https://github.com/DanSnow/vue-recaptcha > > > Regards, > > Nicolas Vazquez > > ________________________________ > From: ahmed jabbar <ahmedam...@gmail.com> > Sent: Friday, July 23, 2021 1:59 PM > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: implement an authentication challenge method (such as Recaptcha) in > the CloudStack UI > > >> Hi team, >> I want to implement an authentication challenge method (such as Recaptcha) >> in the CloudStack UI,To protect UI from robot attempts . >> Did anybody implement it before ? >> >> >> BR >> Ahmed > > >
