Using flood control for login security

You can configure login security for your Developer Portal by using flood control.

Before you begin

You must have administrator access to the Developer Portal to complete this task.
Note: This module synchronizes the credentials of applications that are created by consumers in the Developer Portal site UI. It cannot synchronize the credentials for applications that are created by the provider in the API Manager UI.

Procedure

  1. If the administrator dashboard is not displayed, click Manage to display it.
  2. Navigate to Configuration > System > Flood Control.
  3. Enter values in the following fields in the LOGIN SETTINGS section according to your requirements:
    • Failed IP login limit (min 1) - the number of failed login attempts from the same client IP.
    • Failed IP login window in seconds (0 = Off) - the time window, in seconds, for the number of failed login attempts from the same client IP.
    • Failed User login limit (min 1) - the number of failed login attempts from a user.
    • Failed User login window in seconds (0 = Off) - the time window, in seconds, for the number of failed login attempts from a user.
  4. Enter values in the following fields in the CONTACT FORM section according to your requirements:
    • Emails sent limit - the number of emails that can be sent.
    • Emails sent window in seconds - the time window, in seconds, for the number of emails that can be sent.
  5. Click Save configuration.

What to do next

To unblock a user, see Blocking and unblocking specific users. To unblock an IP address, see Managing banned IP addresses.