William,
If the throttled user tries to log in after the page refresh, what happens?
Ray
On Wed, 2023-04-05 at 07:14 -0700, William Vincent (Wix31) wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hello
I have a problem with throttling
When I do a lot of unsuccessful tries I get the message "Unauthorized access
You have entered the wrong password too many times in a row. You have been
rejected.".
But if I refresh the page, the form is displayed and in
"cas/actuator/throttles" the line with my ip disappears
How do I make this persistent?
Maybe also would it be possible to send this ip to nftables?
Thanks in advance
My configuration :
CAS 6.6.6
build.graddle:
//authentication/Configuring-Authentication-Throttling = secu DDOS
implementation
"org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
//authentication/Configuring-Authentication-Throttling = secu Brute Force
implementation
"org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
cas.properties:
# Sécurité DDOS / Brute force
cas.authn.throttle.failure.range-seconds=30
cas.authn.throttle.failure.threshold=12
cas.authn.throttle.core.username-parameter=username
# Throttle DDOS
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.enabled=true
cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
cas.authn.throttle.bucket4j.bandwidth[0].capacity=50
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7dc94e757968e5d2e019a89b47740a670590716f.camel%40uvic.ca.
