Blocking Strategy

Failure Count Increment Process

Incrementing the auth_fail_count field:
On each failed login attempt, the auth_fail_count field associated with the user is incremented. The field is included in the user information (userinfo) returned to the front-end.

Blocking after a defined threshold:
If the failure count reaches the configurable threshold (auth_fail_threshold), access through the user interface (UI) is suspended.

Front-End Behavior:
The front-end displays a message informing the user that the account is suspended and prevents further login attempts. No signin requests are sent.

API Submissions:
Direct API submissions remain possible as long as the user account is marked as active. Requests that bypass the official interface (e.g., from a modified front-end) are therefore treated as malicious. The front-end suspension is a usability measure only; the server-side HTTP codes and the fail2ban integration described below are what actually limit such requests.
Differentiating HTTP Codes: 401 Unauthorized vs. 403 Forbidden
HTTP codes are used to provide precise feedback on why a request was rejected. The following cases apply to authentication attempts:
| Case | HTTP Code | Explanation |
|---|---|---|
| Unknown user | 401 | The user does not exist in the system. |
| Known user, failure count below the threshold | 403 | Authentication failed, but attempts remain. The front-end notifies the user without blocking. fail2ban does not count this response. |
| Known user, failure count at or above the threshold | 401 | The threshold has been reached and the account is suspended. Re-authentication is required. |

Note that this mapping is observable to an unauthenticated client: a 403 reveals that the username exists, a 401 that it does not (or that it is suspended), which allows user enumeration. The trade-off is that the 403 keeps a legitimate user's typos out of the fail2ban count, while every 401 is counted.
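As an added example (not the project's own code), the following Python sketch implements the increment-and-threshold logic and the status-code mapping above in one place. The in-memory user store, the PBKDF2 password hashing, resetting the counter on a successful login, and enforcing the suspension server-side (the design text only describes suspension in the UI) are assumptions introduced here; auth_fail_count and auth_fail_threshold are the names used in the design.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    auth_fail_count: int = 0   # the counter named in the design
    active: bool = True        # "marked as active" in the design


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the design does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class AuthService:
    def __init__(self, auth_fail_threshold: int = 5):
        # auth_fail_threshold is the configurable parameter from the design; 5 is a placeholder.
        self.auth_fail_threshold = auth_fail_threshold
        self._users = {}

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = User(username, salt, _hash(password, salt))

    def userinfo(self, username: str) -> dict:
        """The user information sent to the front-end; the UI suspends the login
        form when auth_fail_count has reached the threshold."""
        user = self._users[username]
        return {
            "username": user.username,
            "auth_fail_count": user.auth_fail_count,
            "suspended": user.auth_fail_count >= self.auth_fail_threshold,
        }

    def signin(self, username: str, password: str) -> int:
        """Return the HTTP status code for one login attempt, following the table above."""
        user = self._users.get(username)
        if user is None or not user.active:
            # Unknown or inactive user: 401, which fail2ban counts.
            return 401
        if user.auth_fail_count >= self.auth_fail_threshold:
            # Already suspended: 401 regardless of the password (assumption: the lock is
            # enforced server-side as well, since the UI check alone can be bypassed).
            return 401
        if hmac.compare_digest(_hash(password, user.salt), user.password_hash):
            user.auth_fail_count = 0   # assumption: a successful login clears the counter
            return 200
        user.auth_fail_count += 1
        if user.auth_fail_count >= self.auth_fail_threshold:
            return 401   # threshold reached: account suspended, counted by fail2ban
        return 403       # attempts remain: front-end warns, fail2ban ignores 403


if __name__ == "__main__":
    svc = AuthService(auth_fail_threshold=3)
    svc.add_user("alice", "correct horse battery staple")
    for attempt in ("nobody", "alice", "alice", "alice", "alice"):
        print(attempt, svc.signin(attempt, "wrong-password"))
    print(svc.userinfo("alice"))
```

With a threshold of 3, the sequence unknown user, wrong password, wrong password, wrong password yields 401, 403, 403, 401: only the first and last attempts feed the fail2ban count, and the 403 in between is what lets the front-end warn a known user without contributing to an IP ban.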
Integration with fail2ban
The protection mechanism integrates with fail2ban as follows:
Monitoring 401 responses:
fail2ban is configured to monitor HTTP responses with the 401 Unauthorized code; 403 responses are not counted.

IP Blocking After Threshold:
If an IP address generates more than 3 401 responses within fail2ban's findtime window, fail2ban bans the IP.

This strategy provides dual-layer protection:
User-Level Blocking: driven by auth_fail_count and auth_fail_threshold, per account.
IP-Level Blocking: managed by fail2ban, which limits brute-force attempts from one address across all accounts (including guesses at non-existent usernames, which return 401).
Configurable Parameters
Attempt Threshold (auth_fail_threshold): the maximum number of failed attempts allowed before the user is blocked.
fail2ban Configuration: the IP threshold (maxretry), observation window (findtime) and ban duration (bantime) applied to IPs generating 401 responses.
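As an added example (not part of the design or the project), the fail2ban side is replayed here in Python over a constructed access log: only 401 responses count, counts are kept per IP inside a time window, and an IP is banned once the count reaches maxretry. The nginx combined log format, the endpoint path /api/signin, the findtime and bantime values, and the filter and jail file names shown in the comment are all assumptions; the fail2ban snippets are illustrative, not the project's configuration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Illustrative fail2ban configuration for the same policy (assumption: file names,
# log path and the signin endpoint are not given in the design).
#
#   /etc/fail2ban/filter.d/app-signin.conf
#     [Definition]
#     failregex = ^<HOST> - \S+ \[\] "POST /api/signin HTTP/\S+" 401
#
#   /etc/fail2ban/jail.local
#     [app-signin]
#     enabled  = true
#     filter   = app-signin
#     logpath  = /var/log/nginx/access.log
#     maxretry = 3
#     findtime = 600
#     bantime  = 3600

# One nginx "combined" access-log line; fail2ban's <HOST> corresponds to the host group.
LINE_RE = re.compile(
    r'^(?P<host>\S+) - \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (RFC 5737 documentation addresses), in file order.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2025:11:00:00 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2025:12:00:01 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "curl/8.5.0"
203.0.113.7 - - [10/Jan/2025:12:00:02 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "curl/8.5.0"
198.51.100.4 - - [10/Jan/2025:12:00:03 +0000] "POST /api/signin HTTP/1.1" 403 31 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:12:00:04 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "curl/8.5.0"
198.51.100.4 - - [10/Jan/2025:12:00:09 +0000] "POST /api/signin HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2025:12:30:00 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "python-requests/2.31"
192.0.2.10 - - [10/Jan/2025:12:30:05 +0000] "POST /api/signin HTTP/1.1" 401 27 "-" "python-requests/2.31"
192.0.2.10 - - [10/Jan/2025:12:30:10 +0000] "GET /api/userinfo HTTP/1.1" 401 27 "-" "python-requests/2.31"
"""


def parse(line: str):
    """Parse one access-log line into host, time, path and status; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "host": m["host"],
        "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_bans(lines, maxretry=3, findtime=600, path=None):
    """Return {ip: time_of_ban} for IPs whose 401 count reaches maxretry within
    findtime seconds, as fail2ban's maxretry/findtime do. Only 401 counts; a 403
    (attempts remaining) is ignored. With path=None every 401 counts, as the
    design states; pass path="/api/signin" to count only the login endpoint."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    banned = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev["status"] != 401:
            continue
        if path is not None and ev["path"] != path:
            continue
        ip = ev["host"]
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:   # drop 401s older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ev["time"]
    return banned


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

In the sample, 203.0.113.7 is banned on its third 401; 198.51.100.4 is never banned because its failure was a 403 (known user below the threshold) followed by a 200; and 192.0.2.10's 401 from an hour earlier has fallen out of the findtime window, so its later attempts start a fresh count. That third address also shows why restricting the filter to the signin endpoint is worth considering: with every 401 counted, as the design describes, its 401 on /api/userinfo (e.g. an expired session) is what triggers the ban.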