Hello
I have a problem with throttling
When I do a lot of unsuccessful tries I get the message "Unauthorized access You have entered the wrong password too many times in a row. You have been rejected.".
But if I refresh the page, the form is displayed and in "cas/actuator/throttles" the line with my IP disappears.
How do I make this persistent?
Would it also be possible to send this IP to nftables?
Thanks in advance
My configuration:
CAS 6.6.6
build.gradle:
// authentication/Configuring-Authentication-Throttling = DDoS security
implementation "org.apereo.cas:cas-server-support-throttle-bucket4j:${project.'cas.version'}"
// authentication/Configuring-Authentication-Throttling = brute-force security
implementation "org.apereo.cas:cas-server-support-throttle:${project.'cas.version'}"
cas.properties:
# DDoS / brute-force security
cas.authn.throttle.failure.range-seconds=30
cas.authn.throttle.failure.threshold=12
cas.authn.throttle.core.username-parameter=username
# DDoS throttling
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.enabled=true
cas.authn.throttle.bucket4j.bandwidth[0].duration=PT60S
cas.authn.throttle.bucket4j.bandwidth[0].capacity=50