Skip to content

Ratelimits of failed login attempts ‚Äč

By default, ChiefOnboarding uses allows users to attempt 10 times before the user gets blocked by IP. You can change the defaults:


Default: True. Set to False if you want to disable blocking users from trying again (not recommended).


Default: 10. Sets the amount of attempts before user gets blocked.


Default: 24 (in hours). After 24 hours the IP address gets cleared again.


Default: True. In many cases ChiefOnboarding is deployed behind a proxy (i.e. Docker or Heroku reverse proxy). This allows you to get the IP address from the refer header. Without this, it would log internal ip addresses, which means that users will share the same ip address and get locked out unintentionally.