Suspicious IP Throttling

Suspicious IP throttling blocks traffic from any IP address that rapidly attempts too many logins or signups. This helps protect your applications from high-velocity attacks that target multiple accounts. Suspicious IP throttling is enabled by default when you create your Auth0 tenant.

When Auth0 detects a high number of consecutive signup attempts or failed login attempts from an IP address, it suspends further attempts from that IP address. You can customize how suspicious IP throttling works for your tenant.

Enable or disable suspicious IP throttling

Auth0 strongly recommends that you do not disable suspicious IP throttling; however, you can disable and enable it from the Dashboard.

  1. Go to Dashboard > Security > Attack Protection, and select Suspicious IP Throttling.

  2. Select the toggle at the top-right corner of the page to turn suspicious IP throttling on or off.


Let trusted IP addresses exceed throttling limits

You can make certain IP addresses exempt from suspicious IP throttling by adding them to the IP Allow List. Auth0 does not block or alert when these IP addresses exceed the throttling limits. Keep the list narrow: an allowlisted address is exempt from both the block and the administrator notification, so a shared proxy or NAT egress address on the list exempts every client behind it.

  1. Go to Dashboard > Security > Attack Protection, and select Suspicious IP Throttling.

  2. In the IP AllowList box, type the IP addresses and/or CIDR ranges (IPv4 or IPv6) for which you want to allow unlimited login and signup attempts. Separate multiple addresses or ranges with commas.

Configure the response

By default, when an IP address exceeds the limit, Auth0 sends email to administrators and suspends attempts from the IP address as described above. You can control this response by enabling or disabling each option.

Enabling attack protection features without any response settings enabled activates Monitoring mode, which records related events in your tenant log only. To learn more, read View Attack Protection Log Events.

  1. Go to Dashboard > Security > Attack Protection, and select Suspicious IP Throttling.

  2. Under Response, choose how you want Auth0 to react to high-velocity login or signup attempts:

    • To control whether to throttle traffic from an IP address that exceeds the login or signup threshold, enable or disable Limit high-velocity traffic targeting too many accounts.

    • To control whether Auth0 sends email to administrators when an IP address exceeds the login or signup threshold, enable or disable Send notification to account administrator.

Customize throttling limits and rates

You can customize how Auth0 throttles suspicious IP addresses. You can change:

  • The maximum number of consecutive failed login attempts, and the maximum number of signup attempts, that an IP address can make before it is throttled.

  • The rate at which throttled IP addresses gain new login and signup attempts.

How suspicious IP throttling works

Auth0 counts and allows login and signup attempts separately. IP addresses suspended from further login attempts can still try to sign up. IP addresses suspended from further signup attempts can still try to log in. 

Login attempts

By default, Auth0 throttles an IP address that attempts and fails 100 consecutive logins in a day. A successful login restarts the count. 

Auth0 grants an IP address a maximum of 100 login attempts per day, evenly timed over 24 hours; approximately every 15 minutes the IP address gets a new login attempt (until it has reached 100 available attempts). You can adjust the allowed frequency of attempts by changing the total number of attempts granted per day (the login throttling rate).

Signup attempts

By default, Auth0 throttles an IP address that makes 50 signup attempts in a minute. Unlike login attempts, signup attempts do not need to be consecutive or to fail: every signup attempt counts, and once an IP address has used its 50 attempts Auth0 blocks further attempts until new ones are granted.

Auth0 grants an IP address 72,000 signup attempts per day, evenly timed over 24 hours; approximately every second the IP address gets a new signup attempt. You can adjust the allowed frequency of attempts by changing the total number of attempts granted per day (the signup throttling rate).
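To make the mechanics above concrete, the following is an added illustrative model (not Auth0's code, and not a description of Auth0's internal implementation) of the behaviour this page describes: per-IP attempt buckets for login and signup that are counted separately, refilled one attempt at a time at the throttling rate, a login bucket that a successful login restarts, the comma-separated IP Allow List from the section above, and Monitoring mode when the block response is turned off. Names such as `SuspiciousIpThrottle`, `StageLimit` and `parse_allowlist` are this example's own; the sample IP addresses are constructed from documentation ranges. Times are plain seconds so the refill can be stepped by hand.

```python
import ipaddress
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class StageLimit:
    """Limits for one stage (login or signup) as the page describes them.

    max_attempts     -> attempts available before the IP address is throttled
    attempts_per_day -> throttling rate: new attempts granted, spread over 24 h
    """
    max_attempts: int
    attempts_per_day: int

    @property
    def refill_interval(self) -> float:
        """Seconds between grants of one new attempt (864 s for 100 per day)."""
        return SECONDS_PER_DAY / self.attempts_per_day


# Defaults taken from the text: 100 failed logins with 100 new attempts per day
# (one every ~14.4 min); 50 signups with 72,000 new attempts per day (one per 1.2 s).
DEFAULT_LOGIN = StageLimit(max_attempts=100, attempts_per_day=100)
DEFAULT_SIGNUP = StageLimit(max_attempts=50, attempts_per_day=72_000)


def parse_allowlist(text: str) -> list:
    """Parse the comma-separated IP AllowList box (IPv4/IPv6 hosts or CIDR ranges)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in text.split(",") if item.strip()]


@dataclass
class _Bucket:
    tokens: float   # attempts currently available to this IP for this stage
    last: float     # time at which `tokens` was last brought up to date


class SuspiciousIpThrottle:
    """Illustrative per-IP, per-stage model; block=False models Monitoring mode."""

    def __init__(self, login=DEFAULT_LOGIN, signup=DEFAULT_SIGNUP,
                 allowlist: str = "", block: bool = True):
        self.limits = {"login": login, "signup": signup}
        self.allowlist = parse_allowlist(allowlist)
        self.block = block
        self._buckets = {}   # (stage, ip) -> _Bucket; login and signup never share one
        self.events = []     # (time, stage, ip) rows standing in for tenant log events

    def is_allowlisted(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowlist)

    def _bucket(self, stage: str, ip: str, now: float) -> _Bucket:
        limit = self.limits[stage]
        b = self._buckets.get((stage, ip))
        if b is None:
            b = _Bucket(tokens=limit.max_attempts, last=now)
            self._buckets[(stage, ip)] = b
        else:
            # Grant one new attempt per refill_interval, never beyond max_attempts.
            b.tokens = min(limit.max_attempts,
                           b.tokens + (now - b.last) / limit.refill_interval)
            b.last = now
        return b

    def attempt(self, stage: str, ip: str, now: float, success: bool = False) -> str:
        """Evaluate one login or signup attempt at time `now` (seconds).

        Returns "allowlisted", "allowed" or "blocked".
        """
        if self.is_allowlisted(ip):
            return "allowlisted"        # never counted, never blocked, never alerted
        b = self._bucket(stage, ip, now)
        if b.tokens < 1:
            self.events.append((now, stage, ip))             # always logged
            return "blocked" if self.block else "allowed"    # Monitoring mode only logs
        if stage == "login" and success:
            b.tokens = self.limits[stage].max_attempts       # success restarts the count
        else:
            b.tokens -= 1          # a failed login, or any signup, consumes an attempt
        return "allowed"
```

Two things the model makes visible that the prose only states: an IP address that has exhausted its login attempts is still able to sign up (the buckets are keyed by stage), and a custom Throttling Rate changes only how fast attempts come back, not how many an IP address starts with; `StageLimit(max_attempts=20, attempts_per_day=20)` grants one new attempt every 4,320 seconds.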

Customize throttling 

  1. Go to Dashboard > Security > Attack Protection, and select Suspicious IP Throttling.

  2. Beside Suspicious IP Thresholds, select Custom.

  3. Locate Login Threshold.

    • In Maximum Attempts, set the number of consecutive, failed login attempts a single IP address can make in one day before Auth0 blocks the next attempt.

    • In Throttling Rate, set the rate at which to grant new login attempts (tokens), expressed as the total number of attempts granted per day.

  4. Locate Signup Threshold.

    • In Maximum Attempts, set the number of signup attempts a single IP address can make in one minute before Auth0 blocks the next attempt.

    • In Throttling Rate, set the rate at which to grant new signup attempts (tokens), expressed as the total number of attempts granted per day.

Special cases

Because suspicious IP throttling depends on the IP address of the user, the following use cases require additional configuration:

Learn more