Bad login details?
Someone has just emailed me to say their IP address is banned from the booking system, and sure enough it is! It has banned them for 30 minutes.
Why would that be? And how can I sort it?
Bad login details?
The system is now set to ban specific IP addresses if it detects abuse of the login box to try and get in. You can release the bans by recycling the HAP application pool.
This is causing issues, we have whole classes using this, and it appears to be blocking them at random, can I turn it off?
We have had the blocking stuff since release and not had a single issue with it (800 kids, 500 computers and 9 bookable suites only booked via HAP). It only blocks a user account for a limited time (20 mins I think) after several (4?) bad password attempts and represents the most basic level of "brute force" hacking protection (i.e. you don't want an internet-facing server that a bot can just infinitely try random passwords on).
If you are having issues, I wonder if something specific is broken for you. Are you able to verify first-hand that it is blocking incorrectly? What are the specific circumstances in which a block occurs? Are they connecting via the normal homepage or directly to the booking system? Is there anything going in the event log on the server, and finally, can you replicate it?
Nick would be the person to advise on more detailed troubleshooting. We use the web-log SQL functionality too and I know a lot of stuff gets logged there (which can be handy for troubleshooting).
Good luck in troubleshooting your problem.
We don't have to look far, I would imagine. Students getting passwords wrong is common.
I sense brevity in your response, but I was responding to your problem report:
I guess what you want should probably go into the feature requests, and that would be granular control over the login watchdog rules. Not a bad request, especially if you have a younger user-base or if you are not using it over the Internet.
Hi both, v9 will have the ability to define an internal IP range, which will use Kerberos for login (no username or password for IE, FF and Chrome will need a setting tweak), which should remove the logon prompt.
v9 will also have MaxLogonAttempts attribute of AD in the hapConfig.xml file, so you can increase the logon attempts if needed.
Sounds brill, Nick.
Unlimited logon attempts is not supported, nor is setting it to 0, just an FYI
But if no login is needed, hopefully our younger users won't have this issue.
I say it's wrong passwords, but what are the rules of it locking people out ATM so I can verify?
If it can't log the user in after 4 attempts, either bad username or password.
It also does it based on IP address and browser, so if you have a reverse proxy server in front of the HAP+ server, the server will only see the proxy server's IP as the user's address.
So, here's the current logic:
if IPAddress is known AND Browser for that IPAddress is known AND the Attempts on those two is more than 4 THEN block for 20 minutes
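Added example, not part of the thread and not HAP+'s own code: a small Python model of the rule in the last post (more than 4 failed attempts from one IP address and browser, then a 20-minute block), run over a class of pupils connecting directly and through a reverse proxy. The class and function names, IP addresses and browser string are constructed, and resetting the counter when a block expires is an assumption.

```python
MAX_ATTEMPTS = 4         # "more than 4" attempts triggers the block (from the thread)
BLOCK_SECONDS = 20 * 60  # "block for 20 minutes" (from the thread)

class LoginWatchdog:
    """Failed-logon counter keyed on (IP address, browser). Names are hypothetical."""

    def __init__(self):
        self.failures = {}       # (ip, browser) -> failed attempts seen
        self.blocked_until = {}  # (ip, browser) -> time in seconds when the block ends

    def is_blocked(self, ip, browser, now):
        key = (ip, browser)
        until = self.blocked_until.get(key)
        if until is not None and now >= until:
            # Assumption: an expired block also resets the counter.
            del self.blocked_until[key]
            self.failures.pop(key, None)
            until = None
        return until is not None

    def record_failure(self, ip, browser, now):
        key = (ip, browser)
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] > MAX_ATTEMPTS:
            self.blocked_until[key] = now + BLOCK_SECONDS

def run_class(watchdog, logons, now=0):
    """logons: (user, ip_seen_by_server, browser, wrong_tries). Returns refused users."""
    refused = []
    for user, ip, browser, wrong_tries in logons:
        if watchdog.is_blocked(ip, browser, now):
            refused.append(user)  # never gets to try a password at all
            continue
        for _ in range(wrong_tries):
            watchdog.record_failure(ip, browser, now)
    return refused

# Constructed sample: 8 pupils on identical suite PCs, each mistyping once.
BROWSER = "IE11"
PUPILS = [f"pupil{n}" for n in range(1, 9)]
direct = [(p, f"10.1.0.{n}", BROWSER, 1) for n, p in enumerate(PUPILS, 1)]
proxied = [(p, "10.0.0.1", BROWSER, 1) for p in PUPILS]  # server sees only the proxy

def refused_direct():
    return run_class(LoginWatchdog(), direct)

def refused_proxied():
    return run_class(LoginWatchdog(), proxied)

if __name__ == "__main__":
    print("direct :", refused_direct())
    print("proxied:", refused_proxied())
```

With one mistake each, nobody is refused when the server sees each PC's own address, but behind a shared address the fifth mistake blocks everyone who comes after, which matches the "blocking them at random" symptom reported earlier in the thread.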