Articles in this section

How to configure rate limiting for login attempts in Plesk?

Dobrin Ivanov
Updated
Plesk for Windows kb: how-to Plesk for Linux

Question

  • How to configure rate limiting for login attempts in Plesk?

Answer

Starting with Plesk Obsidian 18.0.70, Plesk supports rate limiting for login attempts. This feature is enabled by default on all installations, and can be additionally customized via Panel.ini Editor extension with the following options in the [security] section:

1. Option "bruteforceProtection.enabled". This option defines whether brute force protection is enabled or not. (Default value true)

2. Option "bruteforceProtection.rateLimit". This option defines the number of failed login attempts per IP address. (Default value 5)

3. Option "bruteforceProtection.rateLimitPeriod". This option defines the period in seconds for catching the failed attempts. (Default value 300)

Example:

CONFIG_TEXT: [security]
bruteforceProtection.enabled = true
bruteforceProtection.rateLimit = 5
bruteforceProtection.rateLimitPeriod = 300

Based on these settings, if the client has five failed login attempts, the next attempts will not be processed for 300 seconds starting with the first failed attempt.  

Additional information

Protection Against Brute Force Attacks

 

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.