Articles in this section

See more

How to configure rate limiting for login attempts in Plesk?

Avatar
Sergey Senko
Updated
kb: how-to

Question

  • How to configure rate limiting for login attempts in Plesk?

Answer

Starting with Plesk Obsidian 18.0.70, Plesk supports rate limiting for login attempts. This feature is enabled by default on all installations, and can be additionally customized via Panel.ini Editor extension with the following options in the [security] section:

1. Option "bruteforceProtection.enabled". This option defines whether brute force protection is enabled or not. (Default value true)

2. Option "bruteforceProtection.rateLimit". This option defines the number of failed login attempts per IP address. (Default value 5)

3. Option "bruteforceProtection.rateLimitPeriod". This option defines the period in seconds for catching the failed attempts. (Default value 300)

Example:

CONFIG_TEXT: [security]
bruteforceProtection.enabled = true
bruteforceProtection.rateLimit = 5
bruteforceProtection.rateLimitPeriod = 300

Based on these settings, if the client has five failed login attempts, the next attempts will not be processed for 300 seconds starting with the first failed attempt.  

Additional information

Protection Against Brute Force Attacks

 

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles