| ▲ | omh 3 hours ago | |
I'll take that bait ;-) IP filtering is a valuable factor for security. I know which IPs belong to my organisation and these can be a useful factor in allowing access. I've written rules which say that access should only be allowed when the client has both password and MFA and comes from a known IP address. Why shouldn't I do that? And there are systems which only support single-factor (password) authentication so I've configured IP filtering as a second factor. I'd love them to have more options but pragmatically this works. | ||
| ▲ | friendzis 36 minutes ago | parent [-] | |
Why are you (re-)implementing client security on provider end? If a client requires that only requests from a particular network are permitted... Peer in some way. I do understand the value of blocking unwanted networks/addresses, but that's a bit different problem space. | ||