.. _advanced_config_lockout:

******************
Lockout (Optional)
******************

**Last Updated:** May 2020

.. important::

    This feature requires the ``django-axes`` library to be installed. Starting with Tethys 5.0 or if you are using ``micro-tethys-platform``, you will need to install ``django-axes`` using conda or pip as follows:

    .. code-block:: bash

        # conda: conda-forge channel strongly recommended
        conda install -c conda-forge django-axes

        # pip
        pip install django-axes

Tethys Portal includes lockout capabilities to prevent brute-force login attempts. This capability is provided by the `Django Axes `_ add-on for Django. This document describes the different configuration options that are available for lockout capabilities in Tethys Portal.

.. image:: ./images/locked_out.png
    :width: 800px
    :align: left

Default Configuration
=====================

By default, the lockout functionality is disabled when the ``DEBUG`` setting is set to ``True`` and enabled when ``DEBUG`` is ``False``. When lockout is enabled the default behavior is to automatically disable logging in after 3 failed attempts for a given username with a cool off period of 30 minutes. For more details on the default lockout settings see ``LOCKOUT_CONFIG`` in the :ref:`tethys_configuration` documentation.

Configuration
=============

The default behavior can be overridden with settings in your :file:`portal_config.yaml` file. For example:

.. code-block:: yaml

    LOCKOUT_CONFIG:
      AXES_ENABLED: True
      AXES_FAILURE_LIMIT: 10
      AXES_COOLOFF_TIME: 1
      AXES_LOCK_OUT_BY_USER_OR_IP: True
      AXES_RESET_ON_SUCCESS: True

For a full list of options for configuring lockout in Tethys Portal, please refer to the `Django Axes Configuration Documentation `_
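
The following Python sketch is an added example, not code from Tethys or django-axes. It models the four settings above in simplified form and replays two failed-login patterns against the default policy (3 failures per username, 30 minute cool off) and against the example :file:`portal_config.yaml` policy. Assumptions: ``LockoutModel``, ``replay`` and the sample events are hypothetical and constructed, ``AXES_COOLOFF_TIME: 1`` is read as one hour, and the model reports a lock on the attempt after the limit is reached.

```python
from collections import defaultdict
from datetime import datetime, timedelta

class LockoutModel:
    """Simplified model of the lockout settings; not django-axes code."""
    def __init__(self, failure_limit, cooloff, by_user_or_ip=False, reset_on_success=False):
        self.failure_limit = failure_limit        # like AXES_FAILURE_LIMIT
        self.cooloff = cooloff                    # like AXES_COOLOFF_TIME, as a timedelta
        self.by_user_or_ip = by_user_or_ip        # like AXES_LOCK_OUT_BY_USER_OR_IP
        self.reset_on_success = reset_on_success  # like AXES_RESET_ON_SUCCESS
        self.failures = defaultdict(list)         # tracking key -> failure timestamps

    def attempt(self, now, user, ip, password_ok):
        # Track by username only, or by username and source IP independently.
        keys = [("user", user)] + ([("ip", ip)] if self.by_user_or_ip else [])
        for key in keys:  # failures older than the cool-off stop counting
            self.failures[key] = [t for t in self.failures[key] if now - t < self.cooloff]
        if any(len(self.failures[k]) >= self.failure_limit for k in keys):
            return "locked"  # rejected even if the password is correct
        if password_ok:
            if self.reset_on_success:
                for key in keys:
                    self.failures[key].clear()
            return "ok"
        for key in keys:
            self.failures[key].append(now)
        return "failed"

def replay(model, events):
    """events: (minute offset, username, source IP, password correct?)."""
    start = datetime(2020, 5, 1, 12, 0)
    return [model.attempt(start + timedelta(minutes=m), u, ip, ok) for m, u, ip, ok in events]

def default_policy():  # defaults described on this page
    return LockoutModel(3, timedelta(minutes=30))

def example_policy():  # the portal_config.yaml example on this page
    return LockoutModel(10, timedelta(hours=1), by_user_or_ip=True, reset_on_success=True)

# Constructed sample: one wrong guess per account, 12 accounts, one source IP.
SPRAY = [(m, f"user{m}", "203.0.113.7", False) for m in range(12)]
# Constructed sample: five wrong guesses for one account, then a valid login later.
GUESSING = [(m, "alice", f"198.51.100.{m}", False) for m in range(5)]
GUESSING.append((40, "alice", "192.0.2.10", True))

if __name__ == "__main__":
    for name, events in (("spray", SPRAY), ("guessing", GUESSING)):
        print(name, replay(default_policy(), events), replay(example_policy(), events))
```

In this model, username-only tracking never locks the pattern that spreads failures across many accounts, while user-or-IP tracking locks the source address after its tenth failure; the per-account pattern is stopped after three failures by the default policy but not within five by the example policy.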