Considering implementing dyndns-htaccess (or similar) - fail2ban for services/paths?!

[JedMeister]

A user has suggested that we implement dyndns-htaccess (or similar) to lock down access to admin pages on TurnKey appliances.

IMO, that's an awesome idea! And including that with the WordPress appliance at least (or perhaps even all LAMP appliances?) would be a great MVP (minimum viable product).

Although having said that, perhaps it would be worth considering re-implementing that ourselves via a python script? The rationale for (re)implementing it ourselves in python is:

• not all servers include php; but all include python
• dyndns-htaccess relies on htaccess files; may be better if it actually modifies the Apache config directly?
• dyndns-htaccess only supports Apache; if we implemented it, we could ensure that it supports all the different webservers (e.g. nginx, lighty, etc)

[JedMeister]

Actually, looking at this with fresh eyes, on face value it looks like this would perhaps be superflous, although they're not completely mutually exclusive. Although perhaps we could leverage fail2ban with some sort of dynamic dns trickery? This issue would then be somewhat moot.

[JedMeister]

I'm going to leave this open, but moving to the v15.1 milestone for further consideration.