You can use fail2ban for example. See for example this thread here https://www.postgresql.org/message-id/flat/61463e206b7c4c0ca17b03a59e890b78%40lmco.com,
and the config on https://github.com/rc9000/postgres-fail2ban-lockout. (probably needs some small adaptations, but as a base it should work).

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

Having been down this road myself, these are the options I eventually identified. Each obviously has its benefits and drawbacks:

* Change the Postgres source code and deploy a new version. Believe there are examples of how to do this in Git.
* Disable/disallow local accounts and rely on LDAP. Be aware passwords would be passed in clear text across the network unless your DCs require SSL.
* Disable/disallow local accounts and rely on PKI certificates. I don’t know that this would necessarily limit failed login attempts but is definitely much more secure.
* Procure a vendor-supported version of PostgreSQL which offers this functionality.
* Fail2ban, as Magnus observed.
* Leverage something like Splunk monitoring to identify failed logins and then reach back into the database to lock accounts when appropriate.

Hope this is of some help.

Ken
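
The two log-watching approaches mentioned in this thread (banning a client host as fail2ban does, or having a monitor lock the role), sketched as an added example that is not taken from the thread or from the linked repository. It assumes `log_line_prefix = '%m [%p] %h %u@%d '`; the sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log_line_prefix: '%m [%p] %h %u@%d ' (adapt the regex to your own prefix).
# The host is read from the prefix, never from the message text the client influences.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.\d+)? \S+ \[\d+\] (?P<host>\S+) \S+ '
    r'FATAL:\s+password authentication failed for user "(?P<user>.+)"$'
)

# Constructed sample lines (documentation IP ranges, made-up roles).
SAMPLE_LOG = [
    '2024-05-01 10:00:01.120 UTC [4101] 203.0.113.7 alice@appdb FATAL:  password authentication failed for user "alice"',
    '2024-05-01 10:00:05.310 UTC [4102] 203.0.113.7 alice@appdb FATAL:  password authentication failed for user "alice"',
    '2024-05-01 10:00:09.008 UTC [4103] 203.0.113.7 bob@appdb FATAL:  password authentication failed for user "bob"',
    '2024-05-01 10:00:12.450 UTC [4104] 198.51.100.9 alice@appdb LOG:  connection authorized: user=alice database=appdb',
    '2024-05-01 10:30:00.000 UTC [4200] 198.51.100.9 alice@appdb FATAL:  password authentication failed for user "alice"',
]

def failures(lines):
    """Yield (timestamp, host, user) for each failed password login."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'), m['host'], m['user']

def over_threshold(lines, field, max_failures=3, window=timedelta(minutes=10)):
    """Return 'host' or 'user' values with >= max_failures inside a sliding window."""
    recent, flagged = defaultdict(deque), []
    for ts, host, user in failures(lines):   # lines are assumed to be in time order
        key = host if field == 'host' else user
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:             # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and key not in flagged:
            flagged.append(key)
    return flagged

def lock_statement(role):
    """Build the SQL a monitor could run to lock a role, quoting the identifier."""
    return 'ALTER ROLE "{}" NOLOGIN;'.format(role.replace('"', '""'))

if __name__ == '__main__':
    print('hosts to ban:', over_threshold(SAMPLE_LOG, 'host'))
    print('roles to lock:', [lock_statement(r) for r in over_threshold(SAMPLE_LOG, 'user')])
```

Counting per host catches one client cycling through several roles, which per-role counting misses in the sample above. Locking per role also means any client that can reach the server can lock out a role whose name it knows.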