how can we prevent Brute-force attack in moqui ? is there any config in moqui ?
I haven’t seen anything for this in Moqui by default. It is a problem that I’ve come across, and would be a good thing to work on.
Let me know if you make any progress on this.
What do you mean by a brute-force attack?
I’ve heard that term used in a few different contexts, including password breaking and DoS (Denial of Service) sorts of attacks.
For password breaking Moqui has a configurable timeout following a configurable number of failed authentication attempts to limit velocity.
For DoS, it is a bad idea to even try to handle that inside an application. There is very good software around for that, including Web Application Firewalls and even some load balancers and HTTP proxies handle this either natively or with plugins.
For example, moqui.org uses CloudFlare as a pass through for all requests for a few security reasons, including handling denial of service (high traffic) attacks.
If you want to know more, you may need to add more detail to your question.