Triggering IP lockout
You can configure a lockout of an IP address for authentication attempts using the IP LOCKOUT DURATION, IP LOCKOUT INTERVAL, and MAX IP FAILURE system variables at Manage the system > Policies > Options.
The IP lockout applies to all failed authentication attempts.
To set up an IP lockout, you must set a value for MAX IP FAILURE to indicate the maximum number of failed login attempts.
You can enter a custom value for the IP LOCKOUT DURATION to determine the number of seconds for which the IP will be locked out. The default value is 60 seconds. After the configured amount of time has elapsed, authentication attempts can resume once again for any account from this IP address.
You can also use the ipunlock program to immediately unlock an IP address.
You can set IP LOCKOUT INTERVAL to change the number of seconds to wait between a failed login attempt and the next login attempt. The default value is 5 seconds. The lockout counter is increased for each failed authentication attempt during this interval period and then reset once the configured number of seconds has been reached.
When disabling the IP lockout functionality, disabling MAX IP FAILURE alone does not automatically clear any outstanding IP locks. The configured IP lockout duration as defined by IP LOCKOUT DURATION must be reached, or you must run ipunlock to allow authentication attempts once again for an IP address.
See usage information for ipunlock.
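The sketch below is an added example, not the product's code: it models the counter described above so that candidate values for the three variables can be checked against a list of failed-login timestamps. It assumes the interval is measured from the first counted failure and that the lock starts when the count reaches MAX IP FAILURE; the class, function, and sample names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class IpLockoutModel:
    """Hypothetical model of the three variables; not the product's implementation."""
    max_ip_failure: int          # MAX IP FAILURE
    lockout_duration: int = 60   # IP LOCKOUT DURATION, seconds (documented default)
    lockout_interval: int = 5    # IP LOCKOUT INTERVAL, seconds (documented default)
    window_start: dict = field(default_factory=dict, init=False)
    failures: dict = field(default_factory=dict, init=False)
    locked_until: dict = field(default_factory=dict, init=False)

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]      # duration elapsed, attempts may resume
            return False
        return until is not None

    def failed_attempt(self, ip, now):
        """Record one failed authentication; return True if the IP is locked afterwards."""
        if self.is_locked(ip, now):
            return True
        start = self.window_start.get(ip)
        # Assumption: the interval runs from the first counted failure, then the counter resets.
        if start is None or now - start >= self.lockout_interval:
            self.window_start[ip] = now
            self.failures[ip] = 0
        self.failures[ip] += 1
        # Assumption: the lock starts when the count reaches MAX IP FAILURE.
        if self.failures[ip] >= self.max_ip_failure:
            self.locked_until[ip] = now + self.lockout_duration
            del self.failures[ip], self.window_start[ip]
            return True
        return False

    def unlock(self, ip):
        """Stands in for running ipunlock: clears the lock immediately."""
        self.locked_until.pop(ip, None)

def first_lock_time(model, ip, failure_times):
    """Return the timestamp at which the IP becomes locked, or None if it never does."""
    for t in failure_times:
        if model.failed_attempt(ip, t):
            return t
    return None

SAMPLE_IP = "203.0.113.7"      # constructed sample (documentation address range)
SPACED_FAILURES = [0, 3, 6]    # constructed failure timestamps, in seconds
```

In this model, `first_lock_time(IpLockoutModel(3), SAMPLE_IP, SPACED_FAILURES)` returns `None` with the default 5-second interval, while `IpLockoutModel(3, lockout_interval=10)` locks the address at the third failure, so the interval and MAX IP FAILURE need to be chosen together.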
IP lockout events
The following IP lockout options can be accessed from Manage the system > Maintenance > System variables or Manage the system > Policies > Options.
Option | Description |
---|---|
REMOTE IP LOCKED | Program to execute when an IP address is locked out. |
REMOTE IP UNLOCKED | Program to execute when an IP address is unlocked. |
See Event Actions for more information about event configuration.