2020-02-29 00:43:59 +00:00
|
|
|
---
|
|
|
|
layout: default
|
|
|
|
title: Regulation
|
|
|
|
parent: Configuration
|
|
|
|
nav_order: 7
|
|
|
|
---
|
|
|
|
|
|
|
|
# Regulation
|
|
|
|
|
2020-03-09 22:37:46 +00:00
|
|
|
**Authelia** can temporarily ban accounts when there are too many
|
|
|
|
authentication attempts. This helps prevent brute-force attacks.
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-02-29 05:15:03 +00:00
|
|
|
## Configuration
|
2020-02-29 00:43:59 +00:00
|
|
|
|
|
|
|
```yaml
|
|
|
|
regulation:
|
2020-04-11 04:46:07 +00:00
|
|
|
# The number of failed login attempts before user is banned.
|
|
|
|
# Set it to 0 to disable regulation.
|
|
|
|
max_retries: 3
|
|
|
|
|
|
|
|
# The time range during which the user can attempt login before being banned.
|
|
|
|
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
|
|
|
|
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
|
|
|
|
find_time: 2m
|
|
|
|
|
|
|
|
# The length of time before a banned user can sign in again.
|
|
|
|
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
|
|
|
|
ban_time: 5m
|
2020-04-05 12:37:21 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
### Duration Notation
|
|
|
|
|
|
|
|
The configuration parameters find_time, and ban_time use duration notation. See the documentation
|
|
|
|
for [duration notation format](index.md#duration-notation-format) for more information.
|