Suspicious IP Throttling - Maximum attempts and throttling rate

I am very confused by how suspicious IP throttling works, what the maximum attempts is and what the throttling rate actually is. Can someone please explain it to me simply? I have read the articles and I am confused. My understanding is that:

  1. If I set the maximum attempts to 100, it means a SINGLE IP can have 100 failed logins before it is blocked. Is this correct? How long is it blocked for?
  2. Throttling Rate - I actually do not understand this. Please advise.

Is there a way to tell what current IPs are throttled?

Hi @LexDiamonds1,

The Maximum Attempts is the number of failed login attempts a single IP address can make in one day before Auth0 blocks the next attempt. Setting it to 100 means a single IP can make up to 100 failed attempts before being blocked.

The login throttling rate determines how many login attempts Auth0 grants to an IP address evenly over 24 hours. For example, a throttling rate of 100 means that Auth0 grants a new attempt approximately every 15 minutes.

Ref:

Hope the above details are helpful! Please let me know if any further queries.

Thanks!

Ok, thanks. The maximum attempts is clear now.

So, if I have a max attempt of 100 and say a throttling of 50 (1 every 30 min), it means the max attempt will never be reached. Is this right?

The Maximum Attempts controls how many failed attempts can be reached in 24 hours before the IP is blocked. If it failed 101 times continuously within 10 minutes, the IP will be blocked. In this case, if the login throttling rate is set to 50, the IP will be blocked for 20 (=30-10) minutes until a new attempt can be granted.

Does that answer your query?
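The two answers above describe a bucket of allowed failed attempts (Maximum Attempts) that refills at a fixed rate (Throttling Rate spread evenly over 24 hours). The following is an added illustration written for this thread, not Auth0's own code, that models the behaviour as a token bucket so the numbers in the discussion can be checked: the refill interval for a rate of 100 (about every 15 minutes), the burst of 101 failures that exhausts a limit of 100, and the slow stream of failures that never trips the limit. The class name, method names and the exact refill arithmetic are assumptions of this model, not the product's internals.

```python
from fractions import Fraction

DAY_SECONDS = 24 * 60 * 60


def refill_interval(throttling_rate):
    """Seconds between two newly granted attempts when the throttling
    rate is spread evenly over 24 hours (e.g. 100 -> 864 s = 14.4 min)."""
    return Fraction(DAY_SECONDS, throttling_rate)


class IpThrottle:
    """Assumed token-bucket model of suspicious IP throttling for one IP.

    - capacity   = Maximum Attempts (the bucket starts full)
    - interval   = 24h / Throttling Rate (one token returned per interval)
    Exact rational arithmetic keeps the worked numbers free of float noise.
    """

    def __init__(self, max_attempts, throttling_rate):
        self.capacity = Fraction(max_attempts)
        self.interval = refill_interval(throttling_rate)
        self.tokens = Fraction(max_attempts)
        self.last_seen = Fraction(0)

    def _refill(self, now):
        now = Fraction(now)
        earned = (now - self.last_seen) / self.interval
        self.tokens = min(self.capacity, self.tokens + earned)
        self.last_seen = now

    def failed_login(self, now):
        """Record a failed login at time `now` (seconds).
        Returns True if the attempt was allowed, False if the IP is blocked."""
        self._refill(now)
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

    def seconds_until_next_attempt(self, now):
        """How long (from `now`) until one whole attempt has refilled."""
        self._refill(now)
        if self.tokens >= 1:
            return Fraction(0)
        return (1 - self.tokens) * self.interval


def burst_scenario(max_attempts=100, throttling_rate=50, burst=101, window_seconds=600):
    """The thread's example: 101 failures spread evenly over 10 minutes
    against max attempts 100 and throttling rate 50 (one refill per 28.8 min)."""
    ip = IpThrottle(max_attempts, throttling_rate)
    first_blocked = None
    for k in range(burst):
        now = Fraction(k * window_seconds, burst - 1)  # constructed timestamps
        if not ip.failed_login(now) and first_blocked is None:
            first_blocked = k + 1
    wait = ip.seconds_until_next_attempt(window_seconds)
    return {"first_blocked_attempt": first_blocked, "wait_seconds": wait}


def slow_scenario(max_attempts=100, throttling_rate=50, attempts=1000, gap_seconds=1800):
    """One failure every 30 minutes: slower than the refill, so the bucket
    never empties and the Maximum Attempts limit is never reached."""
    ip = IpThrottle(max_attempts, throttling_rate)
    blocked = 0
    for k in range(attempts):
        if not ip.failed_login(k * gap_seconds):
            blocked += 1
    return blocked


if __name__ == "__main__":
    print("refill interval at rate 100:", float(refill_interval(100)), "s")
    print("burst:", burst_scenario())
    print("slow stream blocked count:", slow_scenario())
```

Under this model a rate of 50 refills one attempt every 1728 s (28.8 min), so after exhausting the limit in 10 minutes the IP waits 1128 s, roughly 19 minutes; the "20 minutes" in the answer comes from rounding the interval to 30 minutes. The slow stream shows why a low throttling rate does not make the limit unreachable: only a burst faster than the refill exhausts the bucket.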

yes thank you very much.

You are very welcome :grinning:
