Module Authlogic::Session::BruteForceProtection::Config
In: lib/authlogic/session/brute_force_protection.rb

Configuration for the brute force protection feature.

Methods

Public Instance methods

To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal number, and if someone fails to login after 50 tries it should be pretty obvious that it‘s a machine trying to login in and very likely a brute force attack.

In order to enable this field your model MUST have a failed_login_count (integer) field.

If you don‘t know what a brute force attack is, it‘s when a machine tries to login into a system using every combination of character possible. Thus resulting in possibly millions of attempts to log into an account.

  • Default: 50
  • Accepts: Integer, set to 0 to disable
consecutive_failed_logins_limit=(value = nil)

Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.

  • Default: 2.hours
  • Accepts: Fixnum, set to 0 for permanent ban
failed_login_ban_for=(value = nil)

[Validate]