How to limit maximum failed logins

 

You can limit the number of failed logins per user with the Maximum failed logins for user setting.

You can limit the number of failed logins per server with the Maximum failed logins for address setting. This is a server-wide limit: it is the number of failed logins for ALL users on a specific server.

The maximum expiration time for failed logins is calculated with a sliding expiration formula based on the period value. You only need to care about the upper values, in which case the formula simplifies to the "Maximum failed logins period in seconds" value + 10s + 1s. That means you can manipulate the formula in the backend with 10s precision:

  1. Set Maximum failed logins period in seconds to "5": your maximum expire will be 15s, and all failed logins will be deleted in 16s (it is actually 15s, but Conference Proxy takes a few milliseconds to actually delete failed logins, hence 16s is the safest option).
  2. Set this setting to 2s: your maximum expire will be 13s.
  3. etc.


IMPORTANT: You need to perform actions from step 3 to step 7 in under 60 seconds - it would be best if you first read all the steps and then try it yourself.


Step 1

Click Security in the Configuration menu.

Step 2

Set Maximum failed logins for user to "3", Maximum failed logins for address to "5", Maximum failed logins period in seconds to "60", and click the "Save" button.

Step 3

Log in with testuser1 and an invalid password 3 times in a row - you should get "Incorrect username or password".

Step 4

Log in with testuser1 and a valid password (4th attempt) - you should get "Login for user testuser1 is disabled" because Maximum failed logins for user ("3") is exceeded.

Step 5

Log in with testuser2 and an invalid password 2 times in a row - you should get "Incorrect username or password".

Step 6

Log in with testuser2 and a valid password (3rd attempt) - you should get "Login for user testuser2 is disabled" because Maximum failed logins for address ("5") is exceeded.

Step 7

Log in with testuser3 and a valid password - you should get "Login for user testuser3 is disabled".

Step 8

Wait for 71 seconds ("Maximum failed logins period" value + 10s + 1s) and log in with testuser1 and a valid password - login should be successful.
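The walkthrough above can be replayed against a small model of the two counters. This is an added example, not ISL Conference Proxy code. It assumes that every failed login is kept for the full upper bound (period + 10s + 1s), that all attempts count toward a single server-wide address counter, and that attempts rejected as "disabled" are not themselves counted as failures. The class name, the timeline and the "Login successful" string are constructed for illustration.

```python
from collections import deque


class FailedLoginLimiter:
    """Simplified model: each failed login is kept for the article's upper bound."""

    def __init__(self, max_user, max_address, period_s):
        self.max_user = max_user
        self.max_address = max_address
        self.expire_s = period_s + 10 + 1   # period value + 10s + 1s
        self.failures = deque()             # (timestamp, user), oldest first

    def _purge(self, now):
        # Drop every failure record that has reached the maximum expire time.
        while self.failures and now - self.failures[0][0] >= self.expire_s:
            self.failures.popleft()

    def login(self, user, password_ok, now):
        self._purge(now)
        user_fails = sum(1 for _, u in self.failures if u == user)
        # Either limit being reached blocks the login, even with a valid password.
        if user_fails >= self.max_user or len(self.failures) >= self.max_address:
            return f"Login for user {user} is disabled"   # assumption: not counted
        if not password_ok:
            self.failures.append((now, user))
            return "Incorrect username or password"
        return "Login successful"   # constructed message, not product output


def run_walkthrough():
    """Replay steps 3 to 8 with the step 2 values on a constructed timeline."""
    lim = FailedLoginLimiter(max_user=3, max_address=5, period_s=60)
    attempts = [                       # (seconds, user, password_ok)
        (0, "testuser1", False), (2, "testuser1", False), (4, "testuser1", False),
        (6, "testuser1", True),        # step 4: per-user limit reached
        (8, "testuser2", False), (10, "testuser2", False),
        (12, "testuser2", True),       # step 6: per-address limit reached
        (14, "testuser3", True),       # step 7: still blocked by address limit
        (14 + 71, "testuser1", True),  # step 8: all failures have expired
    ]
    return [lim.login(user, ok, t) for t, user, ok in attempts]


if __name__ == "__main__":
    for result in run_walkthrough():
        print(result)
```
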

Tags: isl conference proxy, settings, advanced examples, login management, limit
