authelia/docs/configuration/regulation.md
James Elliott cef35fadcd
feat(configuration): add error and warn log levels (#2050)
This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 14:09:50 +10:00

1.5 KiB

layout title parent nav_order
default Regulation Configuration 7

Regulation

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

max_retries

type: integer {: .label .label-config .label-purple } default: 3 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

type: string (duration) {: .label .label-config .label-purple } default: 2m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

type: string (duration) {: .label .label-config .label-purple } default: 5m {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The period of time in duration notation format the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.