I suspect this won't get a lot of support from the user base, but is perhaps easy enough to implement... We have placed our LiquidFiles server behind a reverse proxy. I'm not a big fan, but the security team insists. The issue is that the LiquidFiles server never sees the real external IP. Only the IP of the reverse proxy. If we enable Brute Force lockouts, any lockout will lockout the IP of the reverse proxy which will lockout everyone. I know, my problem. Anyway, if possible I'd love to see the ability to lockout a user account rather than an IP address.