authelia/docs/configuration/regulation.md
yossbg 05406cfc7b
feat(ntp): check clock sync on startup (#2251)
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-09-17 14:44:35 +10:00

1.5 KiB

layout title parent nav_order
default Regulation Configuration 10

Regulation

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

max_retries

type: integer {: .label .label-config .label-purple } default: 3 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

type: string (duration) {: .label .label-config .label-purple } default: 2m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

type: string (duration) {: .label .label-config .label-purple } default: 5m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.