34 lines
1.1 KiB
Markdown
34 lines
1.1 KiB
Markdown
---
|
|
layout: default
|
|
title: Regulation
|
|
parent: Configuration
|
|
nav_order: 5
|
|
---
|
|
|
|
# Regulation
|
|
|
|
**Authelia** can temporarily ban accounts when there are too many
|
|
authentication attempts. This helps prevent brute-force attacks.
|
|
|
|
## Configuration
|
|
|
|
```yaml
|
|
regulation:
|
|
# The number of failed login attempts before user is banned.
|
|
# Set it to 0 to disable regulation.
|
|
max_retries: 3
|
|
|
|
# The time range during which the user can attempt login before being banned.
|
|
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
|
|
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
|
|
find_time: 2m
|
|
|
|
# The length of time before a banned user can sign in again.
|
|
# Find Time accepts duration notation. See: https://docs.authelia.com/configuration/index.html#duration-notation-format
|
|
ban_time: 5m
|
|
```
|
|
|
|
### Duration Notation
|
|
|
|
The configuration parameters find_time, and ban_time use duration notation. See the documentation
|
|
for [duration notation format](index.md#duration-notation-format) for more information. |