Extension Login Throttle


Extension Basics

Title
Login Throttle
Name
ckanext-login-throttle
Type
Public extension
Description
Protects the portal from brute-force login attacks by tracking failed attempts and temporarily locking accounts or IPs
CKAN versions

~2.9, ~2.10, ~2.11

Download-Url (zip)
Download-Url commit date
2025-09-09
Url to repo
Category
Authentication & Security


Background Infos

Description (long)

The login-throttle extension helps protect CKAN portals from brute-force login attacks by tracking unsuccessful login attempts in Redis and temporarily locking accounts or IP addresses after too many failures. Features include tracking failed login attempts in Redis, locking based on IP address (default) or username, temporary lockout period (default 15 minutes) after reaching attempt limit, warning email notifications to affected users when lockout occurs, and full configurability via CKAN settings. The original code was adapted from ckanext-security. Configuration allows customization of lock timeout, maximum attempt count, lock key type (IP or username), email footer template path, and notification enable/disable.

Version
1.0.0
Version release date
2025-09-09
Contact name
Yan
Contact email
(not set)
Contact Url
(not set)


Installation Guide

Configuration hints

Requirements:
- Redis (for tracking login attempts)

Installation:
1. Activate CKAN virtualenv
2. Clone and install:
   git clone https://github.com/Datashades/ckanext-login-throttle.git
   cd ckanext-login-throttle
   pip install -e .

Add to ckan.plugins: login-throttle

Configuration:

# Lock timeout in seconds (default: 900 = 15 minutes)
ckanext.login_throttle.lock_timeout = 900

# Maximum login attempts before lockout (default: 10)
ckanext.login_throttle.login_max_count = 10

# Lock based on IP (default) or username
# Leave empty or omit for IP-based locking
# Set to 'user_name' for username-based locking
ckanext.login_throttle.brute_force_key = user_name

# Path to custom email footer template (optional)
# Default: uses lockout_footer.txt from repo
ckanext.login_throttle.brute_force_footer_path = /path/to/custom/footer.txt

# Disable email notifications (default: False)
ckanext.login_throttle.disable_lock_notification = True
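
How lock_timeout, login_max_count and brute_force_key interact, as an added sketch that is not the extension's own code. Assumptions: a constructed in-memory FakeRedis stands in for Redis, the "login_throttle:" key prefix is hypothetical, the expiry timer is assumed to restart on every failure, and the addresses are documentation-range samples.

```python
import time

class FakeRedis:
    """Constructed in-memory stand-in for Redis INCR / EXPIRE / GET."""
    def __init__(self, clock=time.time):
        self.clock, self.data = clock, {}      # key -> [count, expires_at]
    def _live(self, key):
        entry = self.data.get(key)
        if entry and entry[1] is not None and entry[1] <= self.clock():
            del self.data[key]                 # expired keys vanish, as in Redis
            return None
        return entry
    def incr(self, key):
        entry = self._live(key) or self.data.setdefault(key, [0, None])
        entry[0] += 1
        return entry[0]
    def expire(self, key, seconds):
        if self._live(key):
            self.data[key][1] = self.clock() + seconds
    def get(self, key):
        entry = self._live(key)
        return entry[0] if entry else None

class LoginThrottle:
    """Parameter names mirror the ckanext.login_throttle.* settings."""
    def __init__(self, store, lock_timeout=900, login_max_count=10, brute_force_key=""):
        self.store, self.lock_timeout = store, lock_timeout
        self.login_max_count, self.brute_force_key = login_max_count, brute_force_key
    def _key(self, username, remote_addr):
        ident = username if self.brute_force_key == "user_name" else remote_addr
        return "login_throttle:" + ident       # hypothetical key prefix
    def is_locked(self, username, remote_addr):
        count = self.store.get(self._key(username, remote_addr))
        return count is not None and count >= self.login_max_count
    def record_failure(self, username, remote_addr):
        key = self._key(username, remote_addr)
        count = self.store.incr(key)
        self.store.expire(key, self.lock_timeout)   # assumed: timer restarts on each failure
        return count >= self.login_max_count        # True once the limit is reached

def demo():
    now = [0.0]                                     # fake clock, advanced by hand
    t = LoginThrottle(FakeRedis(lambda: now[0]), login_max_count=3)
    hits = [t.record_failure("alice", "203.0.113.7") for _ in range(3)]
    during = (t.is_locked("bob", "203.0.113.7"), t.is_locked("alice", "198.51.100.9"))
    now[0] += 901                                   # past the 900 s lock_timeout
    return hits, during, t.is_locked("alice", "203.0.113.7")
```

With IP-based keys every account behind the locked address is refused until the timeout passes, which matters for portals reached through a shared proxy or NAT; with user_name keys the counter follows the account regardless of source address.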

Features:
- Tracks failed login attempts in Redis
- Locks by IP address (default) or username
- Temporary lockout after max attempts reached
- Warning email sent to user when locked
- Fully configurable settings

Original code from ckanext-security.

Development:
   git clone https://github.com/Datashades/ckanext-login-throttle.git
   cd ckanext-login-throttle
   pip install -e .

Testing:
   pytest --ckan-ini=test.ini

Plugins to configure (ckan.ini)
login-throttle
CKAN Settings (ckan.ini)
# ckanext.login_throttle.lock_timeout = 900
# ckanext.login_throttle.login_max_count = 10
# ckanext.login_throttle.brute_force_key = user_name
# ckanext.login_throttle.brute_force_footer_path = /path/to/custom/footer.txt
# ckanext.login_throttle.disable_lock_notification = True
DB migration to be executed
(not set)