diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index 52307a2800..28ce0f8fb6 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -639,6 +639,7 @@ struct sofia_profile {
 	unsigned int mndlb;
 	uint32_t max_calls;
 	uint32_t nonce_ttl;
+	uint32_t max_auth_validity;
 	nua_t *nua;
 	switch_memory_pool_t *pool;
 	su_root_t *s_root;
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index 0f0f492e99..1eafbe4384 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4971,6 +4971,8 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 						}
 					} else if (!strcasecmp(var, "nonce-ttl")) {
 						profile->nonce_ttl = atoi(val);
+					} else if (!strcasecmp(var, "max-auth-validity")) {
+						profile->max_auth_validity = atoi(val);
 					} else if (!strcasecmp(var, "accept-blind-reg")) {
 						if (switch_true(val)) {
 							sofia_set_pflag(profile, PFLAG_BLIND_REG);
@@ -5390,6 +5392,11 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Setting nonce TTL to 60 seconds\n");
 					profile->nonce_ttl = 60;
 				}
+				
+				if (!profile->max_auth_validity) {
+					switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Setting MAX Auth Validity to 0 Attempts\n");
+					profile->max_auth_validity = 0;
+				}
 
 				if (!profile->sdp_username) {
 					profile->sdp_username = switch_core_strdup(profile->pool, "FreeSWITCH");
diff --git a/src/mod/endpoints/mod_sofia/sofia_reg.c b/src/mod/endpoints/mod_sofia/sofia_reg.c
index 7e26470d73..dad7c09a36 100644
--- a/src/mod/endpoints/mod_sofia/sofia_reg.c
+++ b/src/mod/endpoints/mod_sofia/sofia_reg.c
@@ -2726,7 +2726,7 @@ auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile,
 		free(sql);
 
 		//if (!sofia_glue_execute_sql2str(profile, profile->dbh_mutex, sql, np, nplen)) {
-		if (zstr(np)) {
+		if (zstr(np) || (profile->max_auth_validity != 0 && cb.last_nc >= profile->max_auth_validity )) {
 			sql = switch_mprintf("delete from sip_authentication where nonce='%q'", nonce);
 			sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
 			ret = AUTH_STALE;