Greetings all,
I was wondering if there is any way to auto lock an account after a number of failed login attempts? This includes the admin account to protect against password attacks.
Regards
Hi @asfoorial
You can use the below configuration in your config.yml file.
auth_failure_listeners:
ip_rate_limiting:
type: ip
allowed_tries: 3
time_window_seconds: 3600
block_expiry_seconds: 600
max_blocked_clients: 100000
max_tracked_clients: 100000
internal_authentication_backend_limiting:
type: username
authentication_backend: internal
allowed_tries: 3
time_window_seconds: 3600
block_expiry_seconds: 600
max_blocked_clients: 100000
max_tracked_clients: 100000
2 Likes