data from the URL. A .htaccess file for Apache and a web.config file for IIS are included, but other web servers have to be configured manually.
If you would like to install Kanboard outside of the web server document root, you need to create at least these symlinks:
.
├── assets -> ../kanboard/assets
├── cli -> ../kanboard/cli
├── favicon.ico -> ../kanboard/favicon.ico
├── index.php -> ../kanboard/index.php
├── jsonrpc.php -> ../kanboard/jsonrpc.php
└── robots.txt -> ../kanboard/robots.txt
The .htaccess is optional because its content can be included directly in the Apache configuration.
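The symlink layout above can be scripted and then audited, so that nothing besides the listed entry points (the data directory in particular) ends up under the document root. This is an added example, not part of the Kanboard documentation; it assumes the document root and the Kanboard directory are siblings, and the helper names link_public_entries and audit_docroot are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the Kanboard docs). Assumes the document root and
# the Kanboard directory are siblings, so ../kanboard/<entry> resolves.

# The entries the page lists as the minimum set of symlinks.
PUBLIC_ENTRIES="assets cli favicon.ico index.php jsonrpc.php robots.txt"

# link_public_entries DOCROOT [APPDIR_NAME]  (hypothetical helper)
# Creates or refreshes the relative symlinks inside DOCROOT.
link_public_entries() {
    docroot=$1
    app=${2:-kanboard}
    for entry in $PUBLIC_ENTRIES; do
        ln -sfn "../$app/$entry" "$docroot/$entry" || return 1
    done
}

# audit_docroot DOCROOT  (hypothetical helper)
# Returns 0 only if every entry is one of the expected links (or the optional
# .htaccess) and every link resolves; reports anything else, such as data.
audit_docroot() {
    docroot=$1
    status=0
    for path in "$docroot"/* "$docroot"/.[!.]*; do
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            continue    # glob pattern that matched nothing
        fi
        name=${path##*/}
        case " $PUBLIC_ENTRIES .htaccess " in
            *" $name "*) ;;
            *) echo "unexpected entry in document root: $name" >&2; status=1 ;;
        esac
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            echo "dangling symlink: $name" >&2
            status=1
        fi
    done
    return "$status"
}

# Usage (script name and path are placeholders):
#   sh link-kanboard.sh /var/www/public [kanboard]
if [ "$#" -ge 1 ]; then
    link_public_entries "$1" "${2:-kanboard}" && audit_docroot "$1"
fi
```

Running the audit again after upgrades or plugin installs catches a data, plugins or files directory that was copied or linked into the document root by mistake.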
You can also define a custom location for the plugins and files folders by changing the config file.
The brute force protection of Kanboard works at the user account level:
This feature works only for authentication methods that use the login form.
However, after three authentication failures through the user API, the account has to be unlocked by using the login form.
Kanboard doesn’t block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like fail2ban to avoid massive scans.
Default settings can be changed with these configuration variables:
// Enable captcha after 3 authentication failures
define('BRUTEFORCE_CAPTCHA', 3);
// Lock the account after 6 authentication failures
define('BRUTEFORCE_LOCKDOWN', 6);
// Lock account duration in minutes
define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
If you don’t want to wait 15 minutes, you can unlock a user from the user interface. As an administrator, go to the user profile and click on “Unlock this user”.