2020-02-29 00:43:59 +00:00
|
|
|
---
|
|
|
|
|
layout: default
|
|
|
|
|
title: Regulation
|
|
|
|
|
parent: Configuration
|
|
|
|
|
nav_order: 7
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# Regulation
|
|
|
|
|
|
2020-03-09 22:37:46 +00:00
|
|
|
**Authelia** can temporarily ban accounts when there are too many
|
|
|
|
|
authentication attempts. This helps prevent brute-force attacks.
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-02-29 05:15:03 +00:00
|
|
|
## Configuration
|
2020-02-29 00:43:59 +00:00
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
regulation:
|
|
|
|
|
# The number of failed login attempts before user is banned.
|
|
|
|
|
# Set it to 0 to disable regulation.
|
|
|
|
|
max_retries: 3
|
|
|
|
|
|
|
|
|
|
# The time range during which the user can attempt login before being banned.
|
|
|
|
|
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
|
|
|
|
|
find_time: 120
|
|
|
|
|
|
|
|
|
|
# The length of time before a banned user can sign in again.
|
|
|
|
|
ban_time: 300
|
|
|
|
|
```
|
