Refactor #22778

Allow admin to opt-out from the Brute-force attack protection

Added by roman plevka about 4 years ago. Updated over 3 years ago.

Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:


Implementation of introduced a BFA protection, however this is not configurable at all (enable/disable, number of retries, blacklist timeout, etc.).

It would be beneficial, if I as an admin had a way of configure or completely disable the feature.

- e.g. our automation, running on a single foreman instance executes multiple tests, one of them being a negative tests trying an invalid authentication - this test typically lock the automation out from Foreman access, causing all further tests to fail.

Related issues

Related to Foreman - Feature #4238: Protection from Brute Force Password Attacks Closed2014-02-03

Associated revisions

Revision 086ed5bd (diff)
Added by Marek Hulán almost 4 years ago

Fixes #22778 - disableable bruteforce protection


#1 Updated by Og Maciel about 4 years ago

Please consider adding this RFE as its absence right now blocks QE's automation.

#2 Updated by Marek Hulán about 4 years ago

Interesting problem. I see we count to 30 if the login attempt fails. Does that mean that automation tried 30 times wrong password? Is that a single test that does that? Or what does the automation try to achieve? A workaround might be cleaning Rails cache, which is normally located at /usr/share/foreman/tmp/. Or you can try running foreman-rake tmp:clear

#3 Updated by Marek Hulán about 4 years ago

  • Related to Feature #4238: Protection from Brute Force Password Attacks added

#4 Updated by The Foreman Bot almost 4 years ago

  • Assignee set to Marek Hulán
  • Status changed from New to Ready For Testing
  • Pull request added

#5 Updated by Lukas Zapletal almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 353

#6 Updated by Marek Hulán almost 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#7 Updated by Marek Hulán over 3 years ago

  • Bugzilla link set to 1633360
  • Triaged set to No

Also available in: Atom PDF