Lockout (Optional)

Last Updated: May 2020

Tethys Portal includes lockout capabilities to prevent brute-force login attempts. This capability is provided by the Django Axes add-on for Django. This document describes the different configuration options that are available for lockout capabilities in Tethys Portal.

Default Configuration

By default, the lockout functionality is disabled when the DEBUG setting is set to True and enabled when DEBUG is False. When lockout is enabled, the default behavior is to automatically disable logging in after 3 failed attempts for a given username, with a cool-off period of 30 minutes. For more details on the default lockout settings, see LOCKOUT_CONFIG in the Tethys Portal Configuration documentation.

Configuration

The default behavior can be overridden with settings in your portal_config.yaml file. For example:

LOCKOUT_CONFIG:
  AXES_ENABLED: True
  AXES_FAILURE_LIMIT: 10
  AXES_COOLOFF_TIME: 1
  AXES_LOCK_OUT_BY_USER_OR_IP: True
  AXES_RESET_ON_SUCCESS: True
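
Added example, not Tethys Portal or Django Axes code: a simplified Python model of how the override settings above interact over a sequence of login attempts. It assumes the counters are forgotten one cool-off period after the last counted failure and that attempts rejected during a lockout are not counted; `LockoutModel`, `run_scenario`, the username and the addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Values from the example LOCKOUT_CONFIG above.
FAILURE_LIMIT = 10            # AXES_FAILURE_LIMIT
COOLOFF = timedelta(hours=1)  # AXES_COOLOFF_TIME: 1 (django-axes reads an integer as hours)
RESET_ON_SUCCESS = True       # AXES_RESET_ON_SUCCESS

class LockoutModel:
    """Toy stand-in for the lockout bookkeeping; not django-axes code."""

    def __init__(self):
        self.records = {}  # ("user" or "ip", value) -> [failure count, time of last failure]

    def _count(self, key, now):
        rec = self.records.get(key)
        if rec and now - rec[1] >= COOLOFF:  # cool-off elapsed: forget the failures
            del self.records[key]
            rec = None
        return rec[0] if rec else 0

    def is_locked(self, username, ip, now):
        # AXES_LOCK_OUT_BY_USER_OR_IP: True -> either counter reaching the limit locks
        keys = [("user", username), ("ip", ip)]
        return any(self._count(k, now) >= FAILURE_LIMIT for k in keys)

    def attempt(self, username, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        keys = [("user", username), ("ip", ip)]
        if self.is_locked(username, ip, now):
            return "locked"  # assumption: rejected attempts are not counted
        if password_ok:
            if RESET_ON_SUCCESS:
                for k in keys:
                    self.records.pop(k, None)
            return "ok"
        for k in keys:
            self.records[k] = [self._count(k, now) + 1, now]
        return "failed"

def run_scenario():
    """Constructed traffic: repeated wrong passwords for 'alice', then a valid login."""
    m, t0 = LockoutModel(), datetime(2020, 5, 1, 12, 0)
    out = [m.attempt("alice", "203.0.113.5", False, t0 + timedelta(seconds=i)) for i in range(11)]
    # Correct password from another address while the username counter is at the limit.
    out.append(m.attempt("alice", "198.51.100.7", True, t0 + timedelta(minutes=5)))
    # One hour after the last counted failure the counters are forgotten.
    out.append(m.attempt("alice", "198.51.100.7", True, t0 + timedelta(hours=1, seconds=9)))
    return out
```

In the constructed run, the username counter keeps the account locked even for a correct password from a different address until the cool-off has elapsed, which is the availability cost to weigh when choosing AXES_FAILURE_LIMIT and AXES_COOLOFF_TIME.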

For a full list of options for configuring lockout in Tethys Portal, please refer to the Django Axes Configuration Documentation.