Using exponential back-off on login attempts #12

Open
robinvdvleuten opened this issue Jan 10, 2019 · 1 comment

@robinvdvleuten

Is it possible to add an exponential backoff on any login attempts? So for example, each time a user fails to log in, they need to wait an exponential amount of time before trying again.

@mariusbalcytis
Owner

Only manually, at least currently.

The algorithm behind the scenes is always a leaking bucket. So, a user has X attempts per Y time. When Y time passes from the first attempt, she can try again once more.

As I've mentioned, we do those manually. For example:

```yaml
maba_gentle_force:
    redis:
        host: localhost
    limits:
        login:
            -
                max_usages: 3
                period: 1m
            -
                max_usages: 10
                period: 1h
            -
                max_usages: 20
                period: 1d
    listeners:
        -
            path: ^/login$
            limits_key: login
            identifiers: [ip]
```

In this case, a user has up to 3 incorrect attempts per 1 minute, up to 10 per 1 hour and up to 20 in 24 consecutive hours.
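How the three stacked limits from the configuration in this thread behave for a client that fails every login and retries the moment it is allowed, as an added example that is not code from the bundle or from either commenter. It assumes each limit acts as a sliding window ("X attempts per Y time"); the class and function names and the sample IP are hypothetical.

```python
from collections import deque

# (max_usages, period in seconds) copied from the "login" limits in the config
LOGIN_LIMITS = [(3, 60), (10, 3600), (20, 86400)]


class TieredLimiter:
    """Simplified sliding-window model of stacked limits (assumption, not the bundle's code)."""

    def __init__(self, limits):
        self.limits = limits
        self.failures = {}  # identifier (e.g. client IP) -> deque of failure timestamps

    def wait_time(self, identifier, now):
        """Seconds until the next attempt is allowed; 0 means allowed now."""
        log = self.failures.get(identifier, ())
        wait = 0
        for max_usages, period in self.limits:
            recent = [t for t in log if t > now - period]
            if len(recent) >= max_usages:
                # A slot frees once the max_usages-th most recent failure leaves the window.
                wait = max(wait, recent[-max_usages] + period - now)
        return wait

    def record_failure(self, identifier, now):
        log = self.failures.setdefault(identifier, deque())
        log.append(now)
        longest = max(period for _, period in self.limits)
        while log and log[0] <= now - longest:  # drop entries no tier can see any more
            log.popleft()


def simulate_persistent_client(limits, attempts, identifier="203.0.113.7"):
    """Return [(attempt_time, seconds_waited)] for a client that always fails and
    retries immediately when allowed. The identifier is a constructed sample IP."""
    limiter = TieredLimiter(limits)
    now, timeline = 0, []
    for _ in range(attempts):
        wait = limiter.wait_time(identifier, now)
        now += wait
        limiter.record_failure(identifier, now)
        timeline.append((now, wait))
    return timeline


if __name__ == "__main__":
    for n, (t, waited) in enumerate(simulate_persistent_client(LOGIN_LIMITS, 21), 1):
        if waited:
            print(f"attempt {n:2d} at t={t:6d}s after waiting {waited}s")
```

The forced waits step up as each tier fills (one minute, then most of an hour, then most of a day), which is a stepped escalation rather than a strictly exponential one.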
