Limiting Login Rate

After a user and/or IP address repeatedly fails to log in to PrivX, you can temporarily prevent them from making further login attempts. This helps protect PrivX against brute-force access attempts.

You can set login-rate limits from Administration→Settings→Authentication.

  • Username Attempts Burst Size: the number of attempts a user is allowed to fail during a short period of time.
  • Username Attempts Per Minute: the rate at which the allowed login attempts for a user are refilled.

For example, if Username Attempts Burst Size is set to 5 and Username Attempts Per Minute is set to 1, a user who fails to log in 5 times within a very short period is blocked from making any further attempts. However, after one minute, the user is allowed to make one new login attempt.

This approach is an implementation of the token bucket algorithm. Read this link for more details.
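The following sketch models the two settings as a per-username token bucket and replays the 5 / 1 scenario described above. It is an added example, not PrivX code: the class and function names, the choice that only failed attempts spend a token, and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    tokens: float   # failed attempts still allowed
    updated: float  # time of the last refill, in seconds

class LoginRateLimiter:
    """One token bucket per username (illustrative model, not PrivX code)."""
    def __init__(self, burst_size: int, per_minute: float):
        self.burst_size = burst_size   # "Username Attempts Burst Size"
        self.per_minute = per_minute   # "Username Attempts Per Minute"
        self.buckets: dict[str, Bucket] = {}

    def _refill(self, username: str, now: float) -> Bucket:
        bucket = self.buckets.get(username)
        if bucket is None:             # first sighting starts with a full bucket
            bucket = self.buckets[username] = Bucket(float(self.burst_size), now)
            return bucket
        elapsed = max(0.0, now - bucket.updated)  # ignore a clock stepping back
        gained = elapsed * self.per_minute / 60.0
        # Refill is capped at the burst size, so idle time cannot be hoarded.
        bucket.tokens = min(float(self.burst_size), bucket.tokens + gained)
        bucket.updated = now
        return bucket

    def attempt(self, username: str, now: float, password_ok: bool) -> str:
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        bucket = self._refill(username, now)
        if bucket.tokens < 1.0:
            return "blocked"           # rejected before the password is checked
        if password_ok:
            return "ok"                # assumption: a success spends no token
        bucket.tokens -= 1.0           # each failure spends one token
        return "failed"

def replay(events, burst_size=5, per_minute=1):
    """Replay (seconds, username, password_ok) tuples and return the outcomes."""
    limiter = LoginRateLimiter(burst_size, per_minute)
    return [limiter.attempt(user, t, ok) for t, user, ok in events]

# Constructed sample: five quick failures, a sixth attempt, then later retries.
SAMPLE = [(0.0, "alice", False)] * 5 + [
    (1.0, "alice", False),   # bucket is empty, attempt is blocked
    (2.0, "bob", False),     # other usernames have their own bucket
    (61.0, "alice", True),   # one token has been refilled after a minute
]

if __name__ == "__main__":
    print(list(zip(SAMPLE, replay(SAMPLE))))
```

Because the refill is capped at the burst size, a username that has been idle for days still gets at most 5 failed attempts in a burst, and a sustained guessing run against one username is held to the per-minute rate.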

Remember to restart PrivX to apply any changes.
