Regulation

Configuring the Regulation system.

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

⚠️

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

This section describes the individual configuration options.

max_retries

integer 3 not required

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

duration 2m not required

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

duration 5m not required

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

The period of time the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.

Last modified on May 4, 2023

Edit this page on GitHub

Regulation

Configuration #

Options #

max_retries #

find_time #

ban_time #

Configuration

Options

max_retries

find_time

ban_time