How to configure rate limiting for login attempts in Plesk?

[senthil]

Question

• How to configure rate limiting for login attempts in Plesk?

Answer
Starting with Plesk Obsidian 18.0.70, Plesk supports rate limiting for login attempts. This feature is enabled by
default on all installations, and can be additionally customized via Panel.ini Editor extension with the following
options in the [security] section:

• Option "bruteforceProtection.enabled". This option defines whether brute force protection is enabled or not.
  (Default value true)
• Option "bruteforceProtection.rateLimit". This option defines the number of failed login attempts per IP
  address.(Default value 5)
• Option "bruteforceProtection.rateLimitPeriod". This option defines the period in seconds for catching the
  failed attempts.(Default value 300)

Example:

Code Select Expand

[security]
bruteforceProtection.enabled = true
bruteforceProtection.rateLimit = 5
bruteforceProtection.rateLimitPeriod = 300Based on these settings, if the client has five failed login attempts, the next attempts will not be
processed for 300 seconds starting with the first failed attempt. 

Additional information
Protection Against Brute Force Attacks


[/list]