Ah OK, thanks.
I understand now, I was confused: I thought it was like fail2ban, but it's a
rate limiting system!

but it's badly done, because if I set
cas.authn.throttle.failure.range-seconds=3600
cas.authn.throttle.failure.threshold=5

it does not block for 1 hour if I have 5 bad logins

So I have to find another solution for banning, maybe by changing the log
format to have it parsed by fail2ban

On Thu, Apr 6, 2023 at 09:43, Pascal Rigaux <pascal.rig...@univ-paris1.fr>
wrote:

> Hi,
>
> Throttling protects against brute force, so the time you refresh the page
> *manually* the throttling has been removed.
>
> We have the exact same throttle conf. This conf allows 1 error per 2.5
> seconds: you must wait 2.5 after a failure otherwise it will be rejected.
> Our integration tests this:
> https://github.com/UnivParis1/integration-tests-cas-server/blob/main/throttle.test.js
> (it checks French msgs, but you should get it)
>
> On this subject, check
> https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Throttling.html#failure-throttling
>
> | Threshold Rate
> |
> | The failure threshold rate is calculated as: failureThreshold /
> failureRangeInSeconds. For instance, the failure rate for the above
> scenario would be 0.333333. An authentication
> attempt may be considered throttled if the request submission rate
> (calculated as the difference between the current date and the last
> submission date) exceeds the failure
> threshold rate.
>
> cu
>
>
> On 05/04/2023 16:14, William Vincent (Wix31) wrote:
> > Hello
> > I have a problem with throttling
> > When I do a lot of unsuccessful tries I get the message "Unauthorized access You have entered the wrong password too many times in a row. You have been rejected.".
> > But if I refresh the page, the form is displayed and in "cas/actuator/throttles" the line with my ip disappears
> > How do I make this persistent?
> > Maybe also would it be possible to send this ip to nftables?
> > Thanks in advance
> >
> >
> > My configuration :
> > CAS 6.6.6
> >
> > build.gradle:
> >      // authentication/Configuring-Authentication-Throttling = DDoS security
> >      implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
> >      // authentication/Configuring-Authentication-Throttling = brute-force security
> >      implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
> >
> > cas.properties:
> > # DDoS / brute-force security
> > cas.authn.throttle.failure.range-seconds=30
> > cas.authn.throttle.failure.threshold=12
> > cas.authn.throttle.core.username-parameter=username
> >
> > # Throttle DDOS
> > cas.authn.throttle.bucket4j.blocking=true
> > cas.authn.throttle.bucket4j.enabled=true
> > cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
> > cas.authn.throttle.bucket4j.bandwidth[0].capacity=50
> >
> > --
> > - Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
> > - Gitter Chatroom: https://gitter.im/apereo/cas <
> https://gitter.im/apereo/cas>
> > - List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
> > - Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
> > ---
> > You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org <mailto:
> cas-user+unsubscr...@apereo.org>.
> > To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/527ad47d-a0da-4763-8b9c-b84f89895e9an%40apereo.org
> > <
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/527ad47d-a0da-4763-8b9c-b84f89895e9an%40apereo.org?utm_medium=email&utm_source=footer
> >.
>


-- 
-- William VINCENT, Systems and network administrator
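
An added example, not part of the thread and not CAS source code: a Python model of the rate rule quoted from the CAS documentation above, replayed next to a fail2ban-style ban rule over constructed timestamps. It assumes a throttled attempt is not recorded as a new failure; `maxretry`, `findtime` and `bantime` are fail2ban's jail options, and the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class RateThrottle:
    """Model of the documented rule: rate = threshold / range-seconds."""
    threshold: int       # cas.authn.throttle.failure.threshold
    range_seconds: int   # cas.authn.throttle.failure.range-seconds

    @property
    def rate(self) -> float:
        return self.threshold / self.range_seconds

    @property
    def min_gap(self) -> float:
        """Seconds to wait after a failure before the next attempt is accepted."""
        return self.range_seconds / self.threshold

    def replay(self, failure_times):
        """Return [(t, throttled)] for bad-password attempts at times t (seconds)."""
        last, out = None, []
        for t in failure_times:
            gap = None if last is None else t - last
            throttled = gap is not None and (gap <= 0 or 1.0 / gap > self.rate)
            if not throttled:
                last = t  # assumption: only processed failures are recorded
            out.append((t, throttled))
        return out


def ban_replay(failure_times, maxretry, findtime, bantime):
    """fail2ban-style rule: maxretry failures within findtime -> blocked for bantime."""
    recent, banned_until, out = [], None, []
    for t in failure_times:
        if banned_until is not None and t < banned_until:
            out.append((t, True))
            continue
        recent = [x for x in recent if t - x < findtime] + [t]
        if len(recent) >= maxretry:
            banned_until, recent = t + bantime, []
        out.append((t, False))
    return out


# Constructed sample: five quick bad logins, then two slower ones (seconds).
ATTEMPTS = [0, 10, 20, 30, 40, 800, 900]

if __name__ == "__main__":
    print("rate rule 5/3600:", RateThrottle(5, 3600).replay(ATTEMPTS))
    print("ban rule  5/3600:", ban_replay(ATTEMPTS, 5, 3600, 3600))
```

Under this model, 5/3600 rejects any failure that follows the previous one by less than 720 seconds but accepts the attempt at 800 s, while the ban rule lets the first five through and then blocks everything until 3640 s.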
