We have noticed the following feature has issues / doesnt work properly as it should
1) Under Webmin > Webmin Configuration > Authentication, we have the option to "Block users with more than N tries for M secs". So when an user fails for the Nth time, it says access for the user is blocked but on entering the right password, it allows the user into webmin again.
2) Under Webmin > Webmin Configuration > Authentication, we have the option to "Block hosts with more than N tries for M secs". But consider a scenario where webmin is placed behind a proxy. In that case it will block the proxy ip instead of the remote client ip and no one can access webmin till the block period is over. An apache backend can solve this using RPAF module where it gets the client IP using x-header from the proxy server and block the IP of the client instead of the proxy. Is there a way to achieve the same thing in miniserv.pl?