Authentication and user blocking

This topic explains the settings related to user authentication and the blocking of users who fail to authenticate correctly.

This is configured under Settings - Behavior - Authentication in the FotoWeb site configuration.

FotoWeb site authentication settings

Authentication methods

Windows Networking Authentication

Enter the name of the domain that you want to use to check the password of users with the OS Authentication method enabled. FotoWeb supports only one domain.

API key

Using this authentication mechanism, a third-party server component can access the FotoWeb API with administrator privileges. Once an API key has been set, it should not be changed, as this will break any existing server-to-server integrations. Use a complex API key to reduce the chance that an attacker can guess it and exploit the site.

If the API key field is empty, server-to-server integration is disabled.

Max Failed Login Attempts from Single IP Address

FotoWeb counts the number of failed login attempts per IP address. If the count exceeds the number set in this option, FotoWeb rejects all requests from that IP address until the system is restarted. This option stops password-guessing attackers from gaining access to your system. However, when FotoWeb is accessed through a proxy, the proxy's IP address is not blocked.

To disable the IP lockout functionality, set the value to 0. You may want to do this, for instance, if you would rather let Active Directory handle the barring of IP addresses to avoid a brute-force attack.
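The following model of the lockout rules described above is an added example, not FotoWeb code. The class and function names are hypothetical, the events are constructed, and it assumes proxies are identified by a known list of addresses, which this page does not specify.

```python
from collections import Counter

class IpLockout:
    """Toy model of the documented behaviour (hypothetical class, not FotoWeb code)."""

    def __init__(self, max_failed, proxy_ips=()):
        self.max_failed = max_failed      # 0 disables the lockout
        self.proxy_ips = set(proxy_ips)   # assumption: proxies are known by address
        self.failed = Counter()           # held in memory, so a restart clears it

    def is_blocked(self, ip):
        if self.max_failed == 0 or ip in self.proxy_ips:
            return False
        return self.failed[ip] > self.max_failed   # "exceeds", not "reaches"

    def handle_login(self, ip, ok):
        """Return 'rejected', 'ok' or 'failed' for one login request."""
        if self.is_blocked(ip):
            return "rejected"             # even a correct password is refused
        if ok:
            return "ok"
        self.failed[ip] += 1
        return "failed"

    def unblockable_failures(self):
        """Failed logins from proxy addresses, which this setting never blocks."""
        return {ip: n for ip, n in self.failed.items() if ip in self.proxy_ips}

# Constructed sample events: (source IP, password correct?)
EVENTS = ([("203.0.113.7", False)] * 5 + [("203.0.113.7", True)]
          + [("198.51.100.10", False)] * 6)

def replay(max_failed, proxy_ips=()):
    """Feed EVENTS through a fresh model; return the outcomes and the model."""
    gate = IpLockout(max_failed, proxy_ips)
    return [gate.handle_login(ip, ok) for ip, ok in EVENTS], gate

if __name__ == "__main__":
    outcomes, gate = replay(3, proxy_ips={"198.51.100.10"})
    print(outcomes)
    print("never blocked:", gate.unblockable_failures())
```

With a limit of 3, the model lets an address make four failed attempts before rejections begin, and every failure arriving through the proxy address goes unblocked, so those need monitoring by another control.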