Hi,

Throttling protects against brute force, so by the time you refresh the page
*manually* the throttling has been removed.

We have the exact same throttle conf. This conf allows 1 error per 2.5 seconds:
you must wait 2.5 seconds after a failure, otherwise it will be rejected.
Our integration test checks this:
https://github.com/UnivParis1/integration-tests-cas-server/blob/main/throttle.test.js
(it checks French messages, but you should get it)

On this subject, check 
https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Throttling.html#failure-throttling

| Threshold Rate
|
| The failure threshold rate is calculated as: failureThreshold / failureRangeInSeconds. For instance, the failure rate for the above scenario would be 0.333333. An authentication attempt may be considered throttled if the request submission rate (calculated as the difference between the current date and the last submission date) exceeds the failure threshold rate.

cu


On 05/04/2023 16:14, William Vincent (Wix31) wrote:
Hello
I have a problem with throttling.
When I make a lot of unsuccessful tries I get the message "Unauthorized access You
have entered the wrong password too many times in a row. You have been rejected.".
But if I refresh the page, the form is displayed, and in
"cas/actuator/throttles" the line with my IP disappears.
How do I make this persistent?
Maybe it would also be possible to send this IP to nftables?
Thanks in advance


My configuration:
CAS 6.6.6

build.gradle:
     //authentication/Configuring-Authentication-Throttling = secu DDOS
     implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
     //authentication/Configuring-Authentication-Throttling = secu Brute Force
     implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"

cas.properties:
# DDOS / brute-force protection
cas.authn.throttle.failure.range-seconds=30
cas.authn.throttle.failure.threshold=12
cas.authn.throttle.core.username-parameter=username

# Throttle DDOS
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.enabled=true
cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
cas.authn.throttle.bucket4j.bandwidth[0].capacity=50

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/527ad47d-a0da-4763-8b9c-b84f89895e9an%40apereo.org.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1dc0899-ce8c-9754-3588-d3193587156d%40univ-paris1.fr.
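The rate rule quoted from the CAS docs, worked through with the settings from the original message (failure.range-seconds=30, failure.threshold=12), as an added illustration that is not CAS code and not part of this thread. The per-key bookkeeping, the `simulate`/`demo` helpers, the sample IP 198.51.100.7 and the attempt timestamps are all constructed for the example; in particular, the assumption that a throttled request does not move the last-failure timestamp is a modelling choice, not something the docs above state.

```python
# Added example, not CAS code: a model of the failure-throttling rule quoted from
# the CAS docs, instantiated with the settings from the original message
# (cas.authn.throttle.failure.range-seconds=30, failure.threshold=12).
from dataclasses import dataclass, field


@dataclass
class FailureThrottle:
    """Rate rule plus an in-memory record of the last failed login per key.

    The key is whatever CAS throttles on (username, client IP, or both); the
    per-key bookkeeping here is an assumption of this model, not CAS's store."""
    failure_threshold: int
    failure_range_seconds: int
    last_failure: dict = field(default_factory=dict)  # key -> time of last failure (s)

    @property
    def threshold_rate(self) -> float:
        """failureThreshold / failureRangeInSeconds, as defined in the docs (12/30 = 0.4/s)."""
        return self.failure_threshold / self.failure_range_seconds

    @property
    def min_gap_seconds(self) -> float:
        """Shortest gap between two failures that is still accepted (1 / 0.4 = 2.5 s)."""
        return 1.0 / self.threshold_rate

    def is_throttled(self, key: str, now: float) -> bool:
        """True when this submission arrives faster than the threshold rate allows."""
        last = self.last_failure.get(key)
        if last is None:
            return False  # first attempt from this key is never throttled
        elapsed = now - last
        if elapsed <= 0:
            return True
        submission_rate = 1.0 / elapsed  # submissions per second since the last failure
        return submission_rate > self.threshold_rate

    def record_failure(self, key: str, now: float) -> None:
        """Called after an authentication attempt actually ran and failed."""
        self.last_failure[key] = now


def simulate(throttle: FailureThrottle, key: str, attempt_times: list) -> list:
    """Replay a series of wrong-password submissions and return one decision per
    attempt: 'throttled' (rejected before authentication) or 'failed' (ran, wrong
    password, recorded). Modelling assumption: a throttled request does not move
    the last-failure timestamp, so the wait is measured from the last real failure."""
    decisions = []
    for t in attempt_times:
        if throttle.is_throttled(key, t):
            decisions.append("throttled")
        else:
            throttle.record_failure(key, t)
            decisions.append("failed")
    return decisions


def demo() -> list:
    """Constructed sample: five wrong passwords from one client at the given offsets.
    Gaps of 1.0 s and 2.4 s are under the 2.5 s minimum and get throttled;
    gaps of 2.6 s are accepted and counted as ordinary failures."""
    throttle = FailureThrottle(failure_threshold=12, failure_range_seconds=30)
    times = [0.0, 1.0, 2.6, 5.0, 5.2]
    return simulate(throttle, "198.51.100.7", times)


if __name__ == "__main__":
    t = FailureThrottle(12, 30)
    print(f"threshold rate {t.threshold_rate:.3f}/s, minimum gap {t.min_gap_seconds} s")
    print(demo())
```

The point the model makes visible is that this rule is a pacing limit between consecutive failures, not a lockout counter: nothing accumulates across the 30-second range, and a client that waits at least 2.5 seconds between attempts is never rejected by it. Persistent blocking of an address is a separate control (the bucket4j bandwidth in the same configuration, or a firewall rule fed from the actuator), which this example does not model.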