We are still getting ready to go live. One of our devs couldn’t log on this morning - ‘too many failed logon attempts’ - none of the rest of us were able to find where to unlock him, resetting the password made no difference, and we couldn’t find where the time out period was set, i.e., how long he would have to wait before trying again, or how we might change this. Would anybody know?
Thanks!
Are you sure it’s SuiteCRM itself logging you out, or could it be something else in your server, like fail2ban?
Not really sure tbh. Let me suggest that to my devs.
No, no fail2ban.
Found this in .env though, so could be the place:
###> login throttling ###
LOGIN_THROTTLING_MAX_ATTEMPTS=5
###< login throttling ###
###> login throttling ###
LOGIN_THROTTLING_IP_LOGIN_MAX_ATTEMPTS=50
LOGIN_THROTTLING_INTERVAL=“30 minutes”
###< login throttling ###
Looks to be it.
Thanks for coming back so quickly btw.
Hey @TrevM
From what I know this is standard symfony, so you should be able to override LOGIN_THROTTLING_INTERVAL on .env.local in case you want to reduce the time. Or change LOGIN_THROTTLING_MAX_ATTEMPTS if you want to increase the max attempts number.
see Login throttling configuration :: SuiteCRM Documentation
Where they also refer to the symfony configuration on: Security (Symfony Docs)
Yes, found it, thanks for the pointers!