pardon me, still not understood what do you mean with the cache. on my example above yet, i still not sure which one to use, yet your hints, quite clear about database. thank you anthony. *e.g. work fine* *models/db.py* auth = Auth(db)
auth.settings.extra_fields['auth_user']= [ Field('Attempts', 'integer') ] auth.define_tables(username=True, signature=False) def login_attempts(form): username = request.vars.username row = db((db.auth_user.username == username ) ).select().first() if row is not None: db(db.auth_user.id == row.id).update(Attempts = row.Attempts + 1) db.auth_event.insert(time_stamp = request.now, client_ip = request.client, user_id = row.id, origin = '%s/%s' % (request.controller, request.function), description = '%s login failed' % (row.username) ) if row.Attempts >= 3: redirect(URL('default', 'test') ) else: redirect(URL('default', 'user/login') ) auth.settings.login_onfail.append(login_attempts) but when tried to combine with cache and banned ip it's not work (no errors occured but the result is not expected) *e.g. same code like above just a modification on if conditional* if row.Attempts >= 3: #BAN_IP_TIME = 60 * 60 * 24 # 1 day BAN_IP_TIME = 10 ban_key = request.client + 'ban' if cache.ram(ban_key, lambda: False, BAN_IP_TIME): raise HTTP(429, 'IP blocked') # maximum number of fast requests allowed before banned MAX_REQUESTS = 3 request_key = request.client + 'requests' cache.ram(request_key, lambda: 0, 1) if cache.ram.increment(request_key) > MAX_REQUESTS: cache.ram(ban_key, lambda: True, BAN_IP_TIME) redirect(URL('default', 'test') ) ref: https://groups.google.com/forum/#!searchin/web2py/Hi$2C$20Is$20there$20a$20way$20to$20block$20ip$20address$20if$20there$20are$20more$20no$20of$20requests$20from$20the$20same$20ip$20address%7Csort:relevance/web2py/5OIz8Quu6KY/1JyItKwpsE8J any idea how to achieve it using web2py? thanks and best regards, stifan -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.