Description

Uses the Symfony RateLimiter Component to throttle brute force attacks.

Syntax

# config/packages/security.yaml
security:
    firewalls:
        default:
            # by default, the feature allows 5 login attempts per minute
            login_throttling: ~
 
            # configuring the maximum login attempts (per minute)
            login_throttling:
                max_attempts: 1
 
            # you can even use a custom rate limiter via its service ID
            login_throttling:
                limiter: app.my_login_rate_limiter

Caveats

Need to use Authenticator-based Security¹

Footnotes

https://symfony.com/doc/current/security/experimental_authenticators.html ↩

Ryan's Wiki

Explorer

Login Throttling

Description

Syntax

Caveats

Footnotes

Graph View

Table of Contents

Backlinks