Ryan Kes

Login Throttling

Description

Uses the Symfony RateLimiter component to throttle login attempts as a defence against brute-force attacks.

Syntax

# config/packages/security.yaml
security:
    firewalls:
        default:
            # Use exactly one of the three variants below; a YAML mapping
            # cannot repeat the login_throttling key.

            # by default, the feature allows 5 login attempts per minute
            login_throttling: ~

            # configuring the maximum login attempts (per minute)
            # login_throttling:
            #     max_attempts: 1

            # you can even use a custom rate limiter via its service ID
            # login_throttling:
            #     limiter: app.my_login_rate_limiter
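
One way to define the service behind `limiter: app.my_login_rate_limiter`, as an added example that is not part of the original page. The limiter names (`username_ip_login`, `ip_login`), the limits and the file locations are assumptions; `DefaultLoginRateLimiter` is the class Symfony ships for this purpose.

```yaml
# config/packages/rate_limiter.yaml (assumed location)
framework:
    rate_limiter:
        # Hypothetical limiter for one username from one IP:
        # tight budget, so guessing against a single account is slowed.
        username_ip_login:
            policy: fixed_window
            limit: 5
            interval: '1 minute'

        # Hypothetical limiter for one IP across all usernames:
        # larger budget, catches password spraying over many accounts.
        ip_login:
            policy: sliding_window
            limit: 50
            interval: '15 minutes'

# config/services.yaml (assumed location)
services:
    # Service ID referenced by login_throttling.limiter in security.yaml
    app.my_login_rate_limiter:
        class: Symfony\Component\Security\Http\RateLimiter\DefaultLoginRateLimiter
        arguments:
            # limiter keyed on the client IP only
            $globalFactory: '@limiter.ip_login'
            # limiter keyed on username + client IP
            $localFactory: '@limiter.username_ip_login'
            # Newer Symfony releases also take a secret for hashing limiter keys;
            # drop this line if your version's constructor does not accept it.
            $secret: '%kernel.secret%'
```

Both limiters are consumed on every attempt, so a login is rejected as soon as either the per-account or the per-IP budget runs out.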

Caveats

Requires Authenticator-based Security. [1]

Related

Footnotes