Setting Authentication Failure Timeout
To limit the effectiveness of DoS attacks that rely on failed authentication attempts, you can use the psft_failtimeout Java option, which shortens how long the web server keeps a session that is not yet authenticated. Add this option to the setEnv script and assign it a value in seconds. Setting the value to 60, for example, overrides the default timeout of 120 seconds (two minutes) that applies to a session when a user's authentication fails or the user has not yet authenticated.
SET JAVA_OPTIONS_WIN32=-server -Xms256m -Xmx256m -Dpsft_failtimeout=60 -XX:MaxPermSize=128m -Xcomp
To determine the proper value for this property, measure the time in seconds that an HTTP(S) request takes to travel from the browser to the web server and multiply the result by 2. Measure from the slowest client path you need to support: a value shorter than a real request round trip expires legitimate sign-on attempts before they complete, while a value much larger than necessary keeps unauthenticated sessions alive longer than the sizing rule requires.
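The sizing rule above and the setEnv edit it feeds, as an added worked example; this is illustrative code, not part of PeopleSoft or of this page. It assumes a constructed list of measured request times, takes the worst observed sample as the round trip to double (the page does not say which sample to use), and rewrites the page's own JAVA_OPTIONS_WIN32 line so that -Dpsft_failtimeout appears exactly once. The measure_request_seconds helper is an assumed way to collect timings and needs a reachable sign-on URL; nothing else touches the network.

```python
import math
import re
import time
import urllib.request

# Default timeout for failed or not-yet-authenticated sessions, as stated on the page.
DEFAULT_FAILTIMEOUT = 120

# Constructed sample: request times in seconds for the sign-on page, as you would
# read them from the browser's network tool or from measure_request_seconds().
SAMPLE_TIMINGS = [0.42, 0.55, 1.30, 0.61, 0.48]

# The page's own setEnv line; the option in it will be rewritten.
SAMPLE_SETENV_LINE = (
    "SET JAVA_OPTIONS_WIN32=-server -Xms256m -Xmx256m "
    "-Dpsft_failtimeout=60 -XX:MaxPermSize=128m -Xcomp"
)

OPTION_RE = re.compile(r"-Dpsft_failtimeout=(\S*)")


def measure_request_seconds(url, samples=5, timeout=30):
    """Time `samples` GET requests to `url` (assumed: the PeopleSoft sign-on page).

    Returns a list of durations in seconds. Requires network access, so it is
    not used by the offline examples below.
    """
    durations = []
    for _ in range(samples):
        start = time.monotonic()
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read()
        durations.append(time.monotonic() - start)
    return durations


def recommend_failtimeout(timings):
    """Apply the page's rule: request time x 2, rounded up to whole seconds.

    The worst observed sample is used so that the slowest legitimate path still
    completes its sign-on request before the session expires (an assumption,
    not something the page prescribes).
    """
    if not timings:
        raise ValueError("need at least one measured request time")
    return max(1, math.ceil(2 * max(timings)))


def effective_failtimeout(line):
    """Return the psft_failtimeout value a setEnv line configures, or the default."""
    match = OPTION_RE.search(line)
    if match is None:
        return DEFAULT_FAILTIMEOUT
    try:
        return int(match.group(1))
    except ValueError:
        raise ValueError(f"non-numeric psft_failtimeout in: {line!r}")


def set_failtimeout(line, seconds):
    """Return `line` with -Dpsft_failtimeout=<seconds> present exactly once.

    Every existing copy (including accidental duplicates) is removed first, then
    the option is appended; JVM system properties are order-independent.
    """
    stripped = OPTION_RE.sub("", line)
    stripped = re.sub(r"[ \t]+", " ", stripped).rstrip()
    return f"{stripped} -Dpsft_failtimeout={int(seconds)}"


if __name__ == "__main__":
    recommended = recommend_failtimeout(SAMPLE_TIMINGS)
    print(f"current  : {effective_failtimeout(SAMPLE_SETENV_LINE)}s")
    print(f"proposed : {recommended}s")
    print(set_failtimeout(SAMPLE_SETENV_LINE, recommended))
```

Run the measurement against the real sign-on URL from the slowest network you support, feed the result to recommend_failtimeout, and paste the returned line into setEnv; the rewrite keeps the rest of the JVM options untouched and guarantees a single psft_failtimeout so the JVM does not pick up a stale duplicate.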