How can I specify the number of failed login attempts in PostgreSQL before the role or user is locked, and have it unlocked after a time that I want?
What about blocking the IP, not the user? If I want to ban an IP after n failed login attempts, what is your suggestion and solution?
Can anyone help me?
2 Answers
PostgreSQL has no built-in capabilities to avoid brute force password attacks, except for auth_delay.
There is no way to implement that behavior directly in PostgreSQL.
What you could do is take a look at Fail2Ban. You can set it up so that it scans the PostgreSQL log files and bans IPs after some failed authentication attempts (you can configure it to fit your needs).
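The log-scanning logic described in the answer above, as an added example (not code from either answer and not Fail2Ban's own code): it counts failed password attempts per client IP in a sliding window and reports a timed ban. It assumes `log_line_prefix = '%m [%p] %h '` in postgresql.conf so that each log line carries the client address; `find_bans` is a hypothetical helper whose parameters are named after Fail2Ban's `maxretry`, `findtime` and `bantime` options, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: log_line_prefix = '%m [%p] %h ' (timestamp, PID, client host).
# The default prefix omits %h, so the client IP would not appear in the log.
FAILED = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \S+ \[\d+\] '
    r'(?P<ip>\S+) FATAL:\s+password authentication failed for user "'
)

def find_bans(lines, maxretry=3, findtime=600, bantime=3600):
    """Return [(ip, ban_start, ban_end)] for each IP that reaches
    maxretry failures within findtime seconds; bans last bantime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] == "[local]":   # Unix-socket logins have no IP
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue                        # ban still active, nothing to add
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()                # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()                  # start counting afresh after unban
    return bans

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 UTC [4101] 203.0.113.7 FATAL:  password authentication failed for user "app"
2024-05-01 10:00:03.450 UTC [4102] 203.0.113.7 FATAL:  password authentication failed for user "app"
2024-05-01 10:00:04.010 UTC [4103] 198.51.100.9 FATAL:  password authentication failed for user "report"
2024-05-01 10:00:05.900 UTC [4104] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:20:00.000 UTC [4190] 198.51.100.9 FATAL:  password authentication failed for user "report"
2024-05-01 10:20:01.000 UTC [4191] [local] FATAL:  password authentication failed for user "app"
2024-05-01 10:21:00.000 UTC [4192] 198.51.100.9 FATAL:  password authentication failed for user "report"
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

With the defaults, only 203.0.113.7 is banned; the failures from 198.51.100.9 are spread over more than `findtime` seconds and never reach the threshold inside one window.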