-
Notifications
You must be signed in to change notification settings - Fork 0
Settings
You can customize the title of your instance of this webapp. By default you will see HASS-WH-Triggers when accessing the site. A value like John Does Home will give the users not so familiar with this tool a hint on where they are, since they won't know what HASS-WH-Triggers is anyway.
This webapp uses cookies to track if a user is logged in. For security reasons this by default is set to just 15 minutes, requiring the users to re-authenticate after being inactive for this amount of time. If your setup is less strict, you can increase (or decrease) this timeout to fit your needs.
Configure how many failed attempts at logging in, registering or accessing a login-protected resource will ban the IP address of the connecting client. You can get an overview of banned IP addresses by heading to the Banlist site via the Admin menu. From there you can also manually unban clients.
This is the time for how long requests from banned IP addresses will be rejected. The main purpose of this feature is to prevent brute force attacks by slowing down the frequency at which certain functions of the webapp can be accessed. By not banning the client infinitely, he has the option to retry a login once the timeout has passed. This way legitimate users still can gain access without the help of an administrator in case they just have forgotten their credentials or failed at providing their 2nd factor correctly.
You can limit the amount of FIDO2 tokens a user can enroll. By default this is set to 1 to prohibit users from adding further tokens they might share once they have already enrolled their own token. You may raise this setting temporarily to allow users to add more tokens, and then set it back to 1 to ensure no more additional tokens will be added.
You can globally disable TOTP if you don't want users to authenticate using TOTP tokens. This will also hide the options to generate / delete TOTP tokens in the 2-Factor configuration of the users.
Alternatively you can disable TOTP per user in the users overview.
Check this checkbox if SSL verification for your webhook URIs should be disabled. Only turn this off if your Home Assistant does not use valid certificates.