Login Throttling
Description
Uses the Symfony RateLimiter Component to throttle brute force attacks.
Syntax
# config/packages/security.yaml
security:
firewalls:
default:
# by default, the feature allows 5 login attempts per minute
login_throttling: ~
# configuring the maximum login attempts (per minute)
login_throttling:
max_attempts: 1
# you can even use a custom rate limiter via its service ID
login_throttling:
limiter: app.my_login_rate_limiter
Caveats
Need to use Authenticator-based Security1