diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md
index 18932dc9b..27fb78895 100644
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@@ -1038,7 +1038,8 @@ unexpected outage happens.
 The maximum number of authentication failures that are tolerated before a host is temporarily blocked. The default value is 10 failures. After a host is
-blocked, connections from it are rejected for 60 seconds.
+blocked, connections from it are rejected for 60 seconds. To disable this
+feature, set the value to 0.
 Note that the configured value is not a hard limit. The number of tolerated failures is between `max_auth_errors_until_block` and `threads *
diff --git a/server/core/config.cc b/server/core/config.cc
index fc3d01016..976dc4a53 100644
--- a/server/core/config.cc
+++ b/server/core/config.cc
@@ -2768,7 +2768,7 @@ static int handle_global_item(const char* name, const char* value)
 {
 char* endptr;
 int intval = strtol(value, &endptr, 0);
- if (*endptr == '\0' && intval > 0)
+ if (*endptr == '\0' && intval >= 0)
 {
 gateway.max_auth_errors_until_block = intval;
 }
diff --git a/server/core/config_runtime.cc b/server/core/config_runtime.cc
index 5be6a3fe1..c924a895f 100644
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@@ -928,8 +928,9 @@ bool runtime_alter_maxscale(const char* name, const char* value)
 }
 else if (key == CN_MAX_AUTH_ERRORS_UNTIL_BLOCK)
 {
- if (int intval = get_positive_int(value))
+ if (is_valid_integer(value))
 {
+ int intval = atoi(value);
 MXS_NOTICE("Updated '%s' from %d to %d",
 CN_MAX_AUTH_ERRORS_UNTIL_BLOCK,
 cnf.max_auth_errors_until_block,
diff --git a/server/core/listener.cc b/server/core/listener.cc
index 0592c6b41..caf0978fc 100644
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
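Review bot: An empty value now switches the blocking off in the config.cc hunk: with the test relaxed to `intval >= 0`, `strtol` on an empty string consumes nothing, leaves `*endptr == '\0'` and returns 0, which the old `> 0` test rejected. The `long` result is also narrowed to `int` before the check, so an out-of-range number can land on 0 or another accepted value. I would keep the result in a `long` and require at least one parsed character and an in-range value, `if (endptr != value && *endptr == '\0' && val >= 0 && val <= INT_MAX)`. Whether the config parser can hand an empty string to handle_global_item, and how rejected values are reported, is outside the hunk.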
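Review bot: Negative values are no longer rejected on the runtime path in config_runtime.cc if `is_valid_integer` accepts a leading minus sign (its definition is not in this diff): the hunk replaces `get_positive_int(value)` with `is_valid_integer(value)` plus `atoi(value)` and adds no sign check, while config.cc in the same commit requires `intval >= 0`. The listener.cc hunk tests the limit with `if (int limit = ...)`, so a negative value counts as enabled, and `u.failures >= limit` would then hold for every host with a recorded failure, assuming `failures` is a signed type. `atoi` also cannot report out-of-range input. I would reuse the `strtol`-based parse from config.cc so both paths accept the same set of values, or at minimum write `if (is_valid_integer(value) && atoi(value) >= 0)`. The rest of the branch, including the failure path, is outside the hunk.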
@@ -65,27 +65,38 @@ public:
 */
 bool mark_auth_as_failed(const std::string& remote)
 {
- auto& u = m_failures[remote];
- u.last_failure = Clock::now();
- return ++u.failures == config_get_global_options()->max_auth_errors_until_block;
+ bool rval = false;
+
+ if (int limit = config_get_global_options()->max_auth_errors_until_block)
+ {
+ auto& u = m_failures[remote];
+ u.last_failure = Clock::now();
+ rval = ++u.failures == limit;
+ }
+
+ return rval;
 }
 bool is_blocked(const std::string& remote)
 {
 bool rval = false;
- auto it = m_failures.find(remote);
- if (it != m_failures.end())
+ if (int limit = config_get_global_options()->max_auth_errors_until_block)
 {
- auto& u = it->second;
+ auto it = m_failures.find(remote);
- if (Clock::now() - u.last_failure > seconds(BLOCK_TIME))
+ if (it != m_failures.end())
 {
- u.last_failure = Clock::now();
- u.failures = 0;
- }
+ auto& u = it->second;
- rval = u.failures >= config_get_global_options()->max_auth_errors_until_block;
+ if (Clock::now() - u.last_failure > seconds(BLOCK_TIME))
+ {
+ u.last_failure = Clock::now();
+ u.failures = 0;
+ }
+
+ rval = u.failures >= limit;
+ }
 }
 return rval;
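Review bot: Nothing in this hunk states that a limit of 0 means "disabled"; the truthiness test `if (int limit = ...)` in both mark_auth_as_failed and is_blocked carries that meaning silently. I would add the comment `// A limit of 0 disables blocking: no failures are recorded and no host is reported as blocked.` to both functions; the doc comment of mark_auth_as_failed starts above the hunk, so it may only need one more sentence. With the limit at 0, `m_failures` is never updated, so this class keeps no per-host count of repeated failed logins; if operators rely on the block event to notice password guessing, confirm that the failures are still logged elsewhere before the feature is turned off. is_blocked continues past the end of the hunk.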