authelia/docs/content/en/configuration/security/regulation.md

1.6 KiB

title description lead date draft images menu weight toc aliases
Regulation Regulation Configuration Configuring the Regulation system. 2022-06-15T17:51:47+10:00 false
configuration
parent
security
104300 true
/docs/configuration/regulation.html

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

max_retries

{{< confkey type="integer" default="3" required="no" >}}

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

{{< confkey type="duration" default="2m" required="no" >}}

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

{{< confkey type="duration" default="5m" required="no" >}}

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

The period of time the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.