Last Updated: May 2020
Tethys Portal includes lockout capabilities to prevent brute-force login attempts. This capability is provided by the Django Axes add-on for Django. This document describes the different configuration options that are available for lockout capabilities in Tethys Portal.
By default, the lockout functionality is disabled when the DEBUG setting is set to True and enabled when False. When lockout is enabled, the default behavior is to automatically disable logging in after 3 failed attempts for a given username with a cool off period of 30 minutes. For more details on the default lockout settings see LOCKOUT_CONFIG in the Tethys Portal Configuration documentation.
The default behavior can be overridden with settings in your portal_config.yaml file. For example:
    LOCKOUT_CONFIG:
      AXES_ENABLED: True
      AXES_FAILURE_LIMIT: 10
      AXES_COOLOFF_TIME: 1
      AXES_LOCK_OUT_BY_USER_OR_IP: True
      AXES_RESET_ON_SUCCESS: True
For a full list of options for configuring lockout in Tethys Portal, please refer to the Django Axes Configuration Documentation.
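The following added example is a simplified Python model of how the failure limit, cool off period, user-or-IP locking and reset-on-success settings described above interact. It is not code from Tethys Portal or Django Axes. The names LockoutModel and replay are hypothetical, and the model assumes that the cool off period is measured from the most recent failure and that attempts made while locked are not counted.

```python
from datetime import datetime, timedelta


class LockoutModel:
    """Toy model of the settings above; not django-axes or Tethys code."""

    def __init__(self, failure_limit=3, cooloff=timedelta(minutes=30),
                 by_user_or_ip=False, reset_on_success=False):
        self.failure_limit = failure_limit
        self.cooloff = cooloff
        self.by_user_or_ip = by_user_or_ip
        self.reset_on_success = reset_on_success
        self.state = {}  # key -> (failure count, time of last failure)

    def _keys(self, username, ip):
        # Always track the username; also track the IP when locking by user OR IP.
        return [("user", username)] + ([("ip", ip)] if self.by_user_or_ip else [])

    def _count(self, key, now):
        count, last = self.state.get(key, (0, now))
        if count and now - last >= self.cooloff:
            self.state.pop(key)  # cool off elapsed: forget old failures
            return 0
        return count

    def attempt(self, username, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        keys = self._keys(username, ip)
        if any(self._count(k, now) >= self.failure_limit for k in keys):
            return "locked"  # assumption: attempts while locked are not counted
        if password_ok:
            if self.reset_on_success:
                for k in keys:
                    self.state.pop(k, None)
            return "ok"
        for k in keys:
            self.state[k] = (self._count(k, now) + 1, now)
        return "failed"


def replay(model, events):
    """events: (minutes offset, username, ip, password_ok) tuples (constructed)."""
    t0 = datetime(2020, 5, 1, 12, 0)  # constructed start time
    return [model.attempt(user, ip, ok, t0 + timedelta(minutes=m))
            for m, user, ip, ok in events]
```

Replaying the same constructed event list against models built with different settings shows which attempts each configuration rejects, for example whether a correct password is still refused once the username or the source IP has reached the failure limit.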