Open-Xchange releases OX Abuse Shield v2.8.0
Open-Xchange is pleased to announce the release of OX Abuse Shield v2.8.0.
OX Abuse Shield provides abuse-prevention for Web Applications (including Webmail), POP, and IMAP. It is integrated with both OX App Suite and OX Dovecot Pro to prevent login and authentication abuse as well as protecting against brute-force attacks.
The goal of OX Abuse Shield is to detect brute forcing of passwords across many servers, services and instances, as well as enforce policy for authentication and authorization. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slow-scans of passwords.
The new OX Abuse Shield v2.8.0 provides the following main improvements:
- Open-Xchange encourages administrators to regularly update to the latest available release. To ensure a stable and up to date environment please note the different versions supported. An overview of the latest supported Major, Minor and Public Patch Releases can be found in the OXpedia at: https://oxpedia.org/wiki/index.php?t...ort_Commitment
Shipped packages and versions
- OX Abuse Shield: https://software.open-xchange.com/pr...2022-12-19.pdf
Download and Installation
For further details about OX Abuse Shield installation and configuration, mandatory and optional packages, policies, please refer to the documentation provided: https://oxpedia.org/wiki/index.php?t...X_Abuse_Shield
Open-Xchange is pleased to announce the release of OX Abuse Shield v2.8.0.
OX Abuse Shield provides abuse-prevention for Web Applications (including Webmail), POP, and IMAP. It is integrated with both OX App Suite and OX Dovecot Pro to prevent login and authentication abuse as well as protecting against brute-force attacks.
The goal of OX Abuse Shield is to detect brute forcing of passwords across many servers, services and instances, as well as enforce policy for authentication and authorization. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slow-scans of passwords.
The new OX Abuse Shield v2.8.0 provides the following main improvements:
- Support ELK 7.x Stack
- Support Date Expansion in WebHook URLs
- Enable IP and Login substitution in blocklist return messages
- dd config option to disable password for /metrics endpoint
- Support redis usernames and passwords for redis authentication
- Support hostnames for redis configuration in addition to IP addresses
- Fix an issue where IPv6 ComboAddress returned zero port number (which caused v6 HTTP listen addresses to not work)
- Return the IP address of the client in JSON of ACL denied response
- Add redis authentication support to wforce policy
- Docker image for wforce policy, based on wforce docker image
- Open-Xchange encourages administrators to regularly update to the latest available release. To ensure a stable and up to date environment please note the different versions supported. An overview of the latest supported Major, Minor and Public Patch Releases can be found in the OXpedia at: https://oxpedia.org/wiki/index.php?t...ort_Commitment
Shipped packages and versions
- wforce v2.8.0
- wforce-policy v2.8.0
- replfwd v2.8.0
- OX Abuse Shield: https://software.open-xchange.com/pr...2022-12-19.pdf
Download and Installation
For further details about OX Abuse Shield installation and configuration, mandatory and optional packages, policies, please refer to the documentation provided: https://oxpedia.org/wiki/index.php?t...X_Abuse_Shield