Differences

This shows you the differences between two versions of the page.

documentation:2.1:bruteforceprotection [2019/01/15 15:55]
127.0.0.1 external edit
documentation:2.1:bruteforceprotection [2020/02/25 19:26] (current)
cmaudoux [Incremental lock time enabled]
Line 1: Line 1:
-====== Brute Force Protection ​Addon ======+====== Brute Force Protection ​plugin ​======
  
-bruteForceProtection ​plugin prevents brute force attack. Plugin DISABLED by default.+This plugin prevents brute force attack. Plugin DISABLED by default.
  
-After some failed login attempts, user must wait (30 seconds by default) ​before ​try to log in again.+After some failed login attempts, user must wait before ​trying ​to log in again.
  
-The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of user. If it is disabled, automated tools may submit thousands of password attempts in a matter of seconds.+The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of an user. If disabled, automated tools may submit thousands of password attempts in a matter of seconds.
  
 ===== Configuration ===== ===== Configuration =====
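Review bot: the rewritten introduction on the + side still carries two grammar slips: "prevents brute force attack" should be "prevents brute force attacks", and "the password of an user" should be "the password of a user". Dropping "(30 seconds by default)" from the waiting-time sentence is fine because the value is documented under Configuration, but "Plugin DISABLED by default." would read better as a full sentence, "The plugin is disabled by default."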
Line 11: Line 11:
 To enable Brute Force Attack protection : To enable Brute Force Attack protection :
  
-Go in Manager, ''​General Parameters''​ » ''​Advanced Parameters''​ » ''​Security''​ » ''​Brute-force attack protection''​ and set to ''​On''​.+Go in Manager, ''​General Parameters''​ » ''​Advanced Parameters''​ » ''​Security''​ » ''​Brute-force attack protection''​ »  
 + ''​Activation''​and set to ''​On''​.
  
-To modify waiting time (30 seconds by default) ​before reAuthentication, MaxAge between current and last stored failed login (300 seconds by default) or number of allowed failed login attempts (3 by default) edit ''​lemonldap-ng.ini''​ in section ​[portal]:+==== Incremental lock time enabled ==== 
 + 
 +You just have to activate it in the Manager : 
 + 
 +Go in Manager, ''​General Parameters''​ » ''​Advanced Parameters''​ » ''​Security''​ » ''​Brute-force attack protection''​ »  
 + ''​Incremental lock times''​ and set to ''​On''​. (DISABLED by default) or in ''​lemonldap-ng.ini''​ [portal] section: 
 +<file ini> 
 +[portal] 
 +bruteForceProtectionIncrementalTempo = 1 
 +</​file>​ 
 + 
 +Lock time increases between each failed login attempt.  
 +To modify lock time values ('5 15 60 300 600' seconds by default) or max lock time value (900 seconds by default) edit ''​lemonldap-ng.ini''​ in [portal] section: 
 + 
 +<file ini> 
 +[portal] 
 +bruteForceProtectionLockTimes = '5 15 60 300 600' 
 +bruteForceProtectionMaxLockTime = 900 
 +</​file>​ 
 + 
 +<​note>​ 
 +Max lock time value is used by this plugin if a lock time is missing (number of failed logins higher than listed lock time values). Lock time values can not be higher than max lock time. 
 +</​note>​ 
 +==== Incremental lock time disabled ==== 
 +After ''​bruteForceProtectionMaxFailed''​ failed login attempts, user must wait ''​bruteForceProtectionTempo''​ seconds before trying to log in again. 
 +To modify waiting time (30 seconds by default), MaxAge between current and last stored failed login (300 seconds by default) or number of allowed failed login attempts (3 by default) edit ''​lemonldap-ng.ini''​ in [portal] ​section:
 <file ini> <file ini>
 [portal] [portal]
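Review bot: the new "Incremental lock time enabled" section does not say how the list in ''bruteForceProtectionLockTimes'' maps to attempts, nor whether ''bruteForceProtectionMaxFailed'' and the MaxAge window still apply once ''bruteForceProtectionIncrementalTempo = 1'' is set; stating whether the first lock after the threshold lasts 5 seconds, the next 15, and so on, with ''bruteForceProtectionMaxLockTime'' taking over once the list is exhausted, would make the behaviour checkable against the note that follows. Two formatting problems in the same hunk: ''Activation''and is missing a space before "and", and "set to ''On''. (DISABLED by default) or in ''lemonldap-ng.ini''" is cut by a stray period, so it should read "set to ''On'' (disabled by default), or in ''lemonldap-ng.ini'' [portal] section:".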
Line 20: Line 46:
 bruteForceProtectionMaxFailed = 3 bruteForceProtectionMaxFailed = 3
 </​file>​ </​file>​
 +
 +<note important>​
 +Number of failed login attempts stored in history MUST be higher than allowed failed logins for this plugin takes effect.
 +</​note>​
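Review bot: the new important note has a grammar error and omits the setting it depends on: "for this plugin takes effect" should be "for this plugin to take effect", and the note should name the portal parameter that controls how many failed logins are kept in history so an administrator can compare it with ''bruteForceProtectionMaxFailed'' directly; as written, the reader has to guess which option to raise.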