Meaning of "limit_sul" Error
Last Updated:
Overview
This article explains why the following 429 rate limit error is visible in the logs, even when Suspicious IP throttling and Brute Force Protection are disabled:
limit_sul
Applies To
- Rate Limit
- 429 Errors
Cause
This error log indicates too many logins with the same username. It is not a block on the user nor an attack protection feature (IP Throttling, Brute Force Protection, etc.), but rather a rate limit put in place to protect the Auth0 infrastructure against multiple fast login attempts with the same credentials.
Solution
As mentioned in Database Login Limits, a single IP address cannot make more than 20 login attempts for the same user per minute.
This rate-limiting feature, built into the platform, produces the log type "limit_sul" that is seen in the logs ("sul" meaning "single user login").
Under normal circumstances, this should not happen, and for public cloud tenants, this behavior cannot be changed.
