Server Endpoint Rate Limits
Authelia imposes default rate limits on specific endpoints which can prevent faulty clients or bad actors from consuming too many resources or using brute-force to potentially compromise security. This should not be confused with Regulation which is used to silently ban users from using the username / password form.
Configuration
Example Configuration
This section is intended as an example configuration to give users a rough contextual layout of this configuration section; it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.
server:
  endpoints:
    rate_limits:
      reset_password_start:
        enable: true
        buckets:
          - period: '10 minutes'
            requests: 5
          - period: '15 minutes'
            requests: 10
          - period: '30 minutes'
            requests: 15
      reset_password_finish:
        enable: true
        buckets:
          - period: '1 minute'
            requests: 10
          - period: '2 minutes'
            requests: 15
      second_factor_totp:
        enable: true
        buckets:
          - period: '1 minute'
            requests: 30
          - period: '2 minutes'
            requests: 40
          - period: '10 minutes'
            requests: 50
      second_factor_duo:
        enable: true
        buckets:
          - period: '1 minute'
            requests: 10
          - period: '2 minutes'
            requests: 15
      session_elevation_start:
        enable: true
        buckets:
          - period: '5 minutes'
            requests: 3
          - period: '10 minutes'
            requests: 5
          - period: '1 hour'
            requests: 15
      session_elevation_finish:
        enable: true
        buckets:
          - period: '10 minutes'
            requests: 3
          - period: '20 minutes'
            requests: 5
          - period: '1 hour'
            requests: 15
Common Options
enable
Enables the given rate limit configuration. These are enabled by default.
buckets
The list of individual buckets to consider for each request. Every bucket in the list is checked, so a request must fit within all of them.
period
Reference Note
This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.
Configures the period of time the tokenized bucket applies to.
Required if the buckets have a configuration and enable is true.
requests
Configures the number of requests the tokenized bucket allows within its period.
Required if the buckets have a configuration and enable is true.
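The following Go program is an added example, not Authelia's own code, that models how a multi-bucket section such as `reset_password_start` above behaves when every bucket must admit a request. It assumes the classic token-bucket model (capacity `requests`, continuous refill of `requests` per `period`); the page does not describe Authelia's exact refill semantics, so treat that as an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// Bucket mirrors one entry of a rate_limits buckets list: `requests` per `period`.
type Bucket struct {
	Period   time.Duration
	Requests int
}

// tokenBucket is the assumed model: it holds at most Requests tokens and
// refills continuously at Requests per Period (classic token bucket).
type tokenBucket struct {
	cfg    Bucket
	tokens float64
	last   time.Time
}

func (b *tokenBucket) refill(now time.Time) {
	if elapsed := now.Sub(b.last); elapsed > 0 {
		b.tokens += elapsed.Seconds() * float64(b.cfg.Requests) / b.cfg.Period.Seconds()
		if cap := float64(b.cfg.Requests); b.tokens > cap {
			b.tokens = cap
		}
		b.last = now
	}
}

// Limiter applies every bucket of one endpoint section: a request is admitted
// only when all buckets hold a token, and one token is then taken from each.
// A rejected request consumes nothing.
type Limiter struct{ buckets []*tokenBucket }

func NewLimiter(start time.Time, cfg []Bucket) *Limiter {
	l := &Limiter{}
	for _, c := range cfg {
		l.buckets = append(l.buckets, &tokenBucket{cfg: c, tokens: float64(c.Requests), last: start})
	}
	return l
}

func (l *Limiter) Allow(now time.Time) bool {
	for _, b := range l.buckets {
		b.refill(now)
		if b.tokens < 1 {
			return false // the strictest bucket decides
		}
	}
	for _, b := range l.buckets {
		b.tokens--
	}
	return true
}

// Simulate counts how many requests at the given offsets from start are admitted.
func Simulate(cfg []Bucket, offsets []time.Duration) (allowed, denied int) {
	start := time.Unix(0, 0)
	l := NewLimiter(start, cfg)
	for _, off := range offsets {
		if l.Allow(start.Add(off)) {
			allowed++
		} else {
			denied++
		}
	}
	return allowed, denied
}

func main() {
	// Constructed input: the reset_password_start buckets from the example configuration,
	// hit by a burst of 8 requests at the same instant.
	cfg := []Bucket{{Period: 10 * time.Minute, Requests: 5}, {Period: 15 * time.Minute, Requests: 10}, {Period: 30 * time.Minute, Requests: 15}}
	a, d := Simulate(cfg, make([]time.Duration, 8))
	fmt.Printf("burst of 8 at t=0: allowed=%d denied=%d\n", a, d)
}
```

The 10-minute bucket is the one that bites on a burst; only after it refills do the longer 15- and 30-minute buckets start shaping sustained retries.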
Options
reset_password_start
Configures the rate limiter which applies to the endpoint that initializes the reset password flow.
See Common Options for the individual options for this section.
reset_password_finish
Configures the rate limiter which applies to endpoints which consume tokens for the reset password flow.
See Common Options for the individual options for this section.
second_factor_totp
Configures the rate limiter which applies to the TOTP endpoint code submissions for the second factor flow.
See Common Options for the individual options for this section.
second_factor_duo
Configures the rate limiter which applies to the Duo / Mobile Push endpoint which initializes the application authorization flow for the second factor flow.
See Common Options for the individual options for this section.
session_elevation_start
Configures the rate limiter which applies to the Elevated Session endpoint which initializes the code generation and notification for the elevated session flow.
See Common Options for the individual options for this section.
session_elevation_finish
Configures the rate limiter which applies to the Elevated Session endpoint which consumes the code for the elevated session flow.
See Common Options for the individual options for this section.