Redis failed login attempts - Nineya|java/go/python

Hi, How can I Specifies the number of failed login attempts before the user is locked and unlock after a time that I want? Can anyone help me?

Comment From: itamarhaber

Hello @arezvani

Redis doesn't have this functionality. If I understand correctly, this type of functionality is usually implemented in places where a human needs to enter the credentials and as protection against brute force attacks. Redis primarily serves software agents that do not make typos making such a mechanism less relevant in this context.

Can you share more details about your specific reason/use case for needing this?

Comment From: zuiderkwast

Hi! I agree with @itamarhaber and also interested in your exact use case.

Similar topics have been discussed before in #1241, #10368 and #11146.

It seems the current recommendation is that Redis will try to log failed auth attempts and then other tools (load balancer, etc.) can use the log to block users by IP, etc. That said, it seems that it's not impossible that Redis in the future maybe possibly can implement some blocking feature or delay the response of AUTH, either in the core or as a module, to protect against DoS attacks, but we need to understand the use cases better.