Regulation

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

Example Configuration

This section is an example configuration intended to give users a rough contextual layout of this configuration section; it is not intended to explain the options. The configuration shown may not be a valid configuration; see the options section below and the navigation links to properly understand each option individually.

configuration.yml
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

Options

This section describes the individual configuration options.

max_retries

Type: integer. Default: 3. Not required.

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

Type: string, integer. Syntax: duration. Default: 2 minutes. Not required.

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The period of time analyzed for failed attempts. For example, if you set max_retries to 3 and find_time to 2m, the user must have 3 failed logins in 2 minutes.

ban_time

Type: string, integer. Syntax: duration. Default: 5 minutes. Not required.

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The period of time the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to log in again.
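The following added example (not Authelia's code) is a simplified model of how max_retries, find_time and ban_time interact, replayed over constructed login events. The Regulator class, the replay helper, the sliding-window boundary, the handling of attempts during a ban and the fact that a successful login does not clear earlier failures are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class Regulator:
    """Simplified model of the regulation options; not Authelia's implementation."""
    def __init__(self, max_retries=3, find_time=120, ban_time=300):
        # Durations are in seconds here: '2m' -> 120, '5m' -> 300.
        self.max_retries, self.find_time, self.ban_time = max_retries, find_time, ban_time
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.banned_until = {}               # user -> time at which the ban ends

    def attempt(self, user, now, success):
        """Return 'ok', 'failed' or 'banned' for one login attempt at time `now`."""
        if self.max_retries == 0:            # 0 disables regulation entirely
            return "ok" if success else "failed"
        if now < self.banned_until.get(user, 0):
            return "banned"                  # assumption: rejected even if credentials are correct
        if success:
            return "ok"
        window = self.failures[user]
        window.append(now)
        # Keep only failures inside the last find_time seconds (assumed boundary).
        while window and window[0] <= now - self.find_time:
            window.popleft()
        if len(window) >= self.max_retries:  # threshold met: start the ban
            self.banned_until[user] = now + self.ban_time
            window.clear()
        return "failed"

def replay(events, **settings):
    """Run (time, user, credentials_correct) events through a fresh Regulator."""
    reg = Regulator(**settings)
    return [reg.attempt(user, t, ok) for (t, user, ok) in events]

# Constructed sample events: (seconds, username, credentials_correct)
SAMPLE = [
    (0, "alice", False),
    (30, "alice", False),
    (60, "alice", False),   # third failure within 2m: banned until t=360
    (90, "alice", True),    # correct password, still banned
    (359, "alice", True),   # one second before the ban ends
    (360, "alice", True),   # ban_time elapsed
    (400, "bob", False),
    (500, "bob", False),
    (530, "bob", False),    # failure at t=400 has aged out of find_time
    (540, "bob", True),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

In this model, bob's three failures never trigger a ban because they do not all fall within one find_time window, which shows how a slow guessing rate stays under the threshold.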