Fork me on GitHub Link Search Menu Expand Document Survey contribution
Help the team improve Authelia by taking this 10-second survey.

Regulation

Authelia can temporarily ban accounts when there are too many authentication attempts. This helps prevent brute-force attacks.

Configuration

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

Options

max_retries

type: integer

default: 3

required: no

The number of failed login attempts before a user may be banned. Setting this option to 0 disables regulation entirely.

find_time

type: string (duration)

default: 2m

required: no

The period of time in duration notation format analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 2m this means the user must have 3 failed logins in 2 minutes.

ban_time

type: string (duration)

default: 5m

required: no

The period of time in duration notation format the user is banned for after meeting the max_retries and find_time configuration. After this duration the account will be able to login again.