block user authentication with Cloudflare Zone lockdown

Posted July 9, 2018 · July 9, 2018

Hey

I'm using Cloudflare's Zone Lockdown feature to make the login page of my emby server inaccessible by locking this url:

embydomain.com/web/login.html*

As all my users run Kodi and are logged in anyway, this is (hopefully) an easy way to prevent bruteforce attacks on the login page.

So what I'm wondering about is that authentication in Kodi is still possible with this rule active. So in Kodi I still see the login screen, can enter username and password and login.

This seems to be true because Kodi uses another method to authenticate.

Anybody can assist me telling me what url to block to don't make Kodi devices able to authenticate, either?

Edited July 9, 2018 by horstepipe

Posted July 9, 2018 · July 9, 2018

Why not just block *embydomain.com* for all undesirable regions? Is there any specific reason for just blocking the login page versus the entire domain?

Posted July 9, 2018 · July 9, 2018

Why not just block *embydomain.com* for all undesirable regions? Is there any specific reason for just blocking the login page versus the entire domain?

I'm also blocking all countries except mine for the whole domain, yes.

But it feels more save to make the login page completely inaccessible (even from my region)

Posted July 10, 2018 · July 10, 2018

okay got it:

embydomain.com/emby/Users/AuthenticateByName*

I'll report back if it breaks something else :-)

Edited July 10, 2018 by horstepipe

Sign In

block user authentication with Cloudflare Zone lockdown

Recommended Posts

horstepipe 357

Link to comment

Share on other sites

Jdiesel 1114

Link to comment

Share on other sites

horstepipe 357

Link to comment

Share on other sites

horstepipe 357

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Activity