authelia/docs/configuration/regulation.md

34 lines
1.1 KiB
Markdown
Raw Normal View History

---
layout: default
title: Regulation
parent: Configuration
nav_order: 7
---
# Regulation
**Authelia** can temporarily ban accounts when there are too many
authentication attempts. This helps prevent brute-force attacks.
## Configuration
```yaml
regulation:
# The number of failed login attempts before user is banned.
# Set it to 0 to disable regulation.
max_retries: 3
# The time range during which the user can attempt login before being banned.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
find_time: 2m
# The length of time before a banned user can sign in again.
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
ban_time: 5m
```
### Duration Notation
The configuration parameters find_time, and ban_time use duration notation. See the documentation
for [duration notation format](index.md#duration-notation-format) for more information.