This shows you the differences between two versions of the page.

documentation:2.1:bruteforceprotection [2019/01/15 15:55]
documentation:2.1:bruteforceprotection [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Brute Force Protection Addon ======
 +bruteForceProtection plugin prevents brute force attack. Plugin DISABLED by default.
 +After some failed login attempts, user must wait (30 seconds by default) before try to log in again.
 +The aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user. If it is disabled, automated tools may submit thousands of password attempts in a matter of seconds.
 +===== Configuration =====
 +To enable Brute Force Attack protection :
 +Go in Manager, ''​General Parameters''​ » ''​Advanced Parameters''​ » ''​Security''​ » ''​Brute-force attack protection''​ and set to ''​On''​.
 +To modify waiting time (30 seconds by default) before reAuthentication,​ MaxAge between current and last stored failed login (300 seconds by default) or number of allowed failed login attempts (3 by default) edit ''​lemonldap-ng.ini''​ in section [portal]:
 +<file ini>
 +bruteForceProtectionTempo = 30
 +bruteForceProtectionMaxAge = 300
 +bruteForceProtectionMaxFailed = 3
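Review bot: in the Configuration part of this hunk, the sentence that introduces the ini block describes three settings (waiting time, MaxAge between the current and last stored failed login, number of allowed failed login attempts) without tying each one to its key, and the block omits the [portal] section header that the sentence refers to. Suggest opening the block with a [portal] line so it can be pasted as is, and listing each key with its meaning and unit: bruteForceProtectionTempo (seconds to wait), bruteForceProtectionMaxAge (seconds), bruteForceProtectionMaxFailed (count). Two wording points in the introduction: "before try to log in again" should read "before trying to log in again", and "If it is disabled" should name the plugin, because the sentence before it is about the attack rather than the protection.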