diff --git a/apps/settings/serializers/auth/cas.py b/apps/settings/serializers/auth/cas.py
index 47cdfc58c..a111a236e 100644
--- a/apps/settings/serializers/auth/cas.py
+++ b/apps/settings/serializers/auth/cas.py
@@ -12,7 +12,7 @@ class CASSettingSerializer(serializers.Serializer):
     CAS_SERVER_URL = serializers.CharField(required=False, max_length=1024, label=_('Server url'))
     CAS_ROOT_PROXIED_AS = serializers.CharField(required=False, max_length=1024, label=_('Proxy server url'))
     CAS_LOGOUT_COMPLETELY = serializers.BooleanField(required=False, label=_('Logout completely'))
-    CAS_VERSION = serializers.IntegerField(required=False, label=_('Version'))
+    CAS_VERSION = serializers.IntegerField(required=False, label=_('Version'), min_value=1, max_value=3)
     CAS_USERNAME_ATTRIBUTE = serializers.CharField(required=False, max_length=1024, label=_('Username attr'))
     CAS_APPLY_ATTRIBUTES_TO_USER = serializers.BooleanField(required=False, label=_('Enable attributes map'))
     CAS_RENAME_ATTRIBUTES = serializers.DictField(required=False, label=_('Rename attr'))
diff --git a/apps/settings/serializers/auth/ldap.py b/apps/settings/serializers/auth/ldap.py
index d4eba4089..8096e5ca2 100644
--- a/apps/settings/serializers/auth/ldap.py
+++ b/apps/settings/serializers/auth/ldap.py
@@ -63,7 +63,10 @@ class LDAPSettingSerializer(serializers.Serializer):
     AUTH_LDAP_SYNC_CRONTAB = serializers.CharField(
         required=False, max_length=1024, allow_null=True, label=_('Regularly perform')
     )
-    AUTH_LDAP_CONNECT_TIMEOUT = serializers.IntegerField(required=False, label=_('Connect timeout'))
+    AUTH_LDAP_CONNECT_TIMEOUT = serializers.IntegerField(
+        min_value=1, max_value=300,
+        required=False, label=_('Connect timeout'),
+    )
     AUTH_LDAP_SEARCH_PAGED_SIZE = serializers.IntegerField(required=False, label=_('Search paged size'))
 
     AUTH_LDAP = serializers.BooleanField(required=False, label=_('Enable LDAP auth'))
diff --git a/apps/settings/serializers/cleaning.py b/apps/settings/serializers/cleaning.py
index 182a97eaa..39aae4a80 100644
--- a/apps/settings/serializers/cleaning.py
+++ b/apps/settings/serializers/cleaning.py
@@ -6,17 +6,22 @@ __all__ = ['CleaningSerializer']
 
 class CleaningSerializer(serializers.Serializer):
     LOGIN_LOG_KEEP_DAYS = serializers.IntegerField(
+        min_value=1, max_value=9999,
         label=_("Login log keep days"), help_text=_("Unit: day")
     )
     TASK_LOG_KEEP_DAYS = serializers.IntegerField(
+        min_value=1, max_value=9999,
         label=_("Task log keep days"), help_text=_("Unit: day")
     )
     OPERATE_LOG_KEEP_DAYS = serializers.IntegerField(
+        min_value=1, max_value=9999,
         label=_("Operate log keep days"), help_text=_("Unit: day")
     )
     FTP_LOG_KEEP_DAYS = serializers.IntegerField(
+        min_value=1, max_value=9999,
         label=_("FTP log keep days"), help_text=_("Unit: day")
     )
     CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS = serializers.IntegerField(
+        min_value=1, max_value=9999,
         label=_("Cloud sync record keep days"), help_text=_("Unit: day")
     )
diff --git a/apps/settings/serializers/email.py b/apps/settings/serializers/email.py
index 2ad7f84e6..a20ff080c 100644
--- a/apps/settings/serializers/email.py
+++ b/apps/settings/serializers/email.py
@@ -9,7 +9,7 @@ __all__ = ['MailTestSerializer', 'EmailSettingSerializer', 'EmailContentSettingS
 
 class MailTestSerializer(serializers.Serializer):
     EMAIL_HOST = serializers.CharField(max_length=1024, required=True)
-    EMAIL_PORT = serializers.IntegerField(default=25)
+    EMAIL_PORT = serializers.IntegerField(default=25, min_value=1, max_value=65535)
     EMAIL_HOST_USER = serializers.CharField(max_length=1024)
     EMAIL_HOST_PASSWORD = serializers.CharField(required=False, allow_blank=True)
     EMAIL_FROM = serializers.CharField(required=False, allow_blank=True)
diff --git a/apps/settings/serializers/other.py b/apps/settings/serializers/other.py
index 6d3cce454..b94875765 100644
--- a/apps/settings/serializers/other.py
+++ b/apps/settings/serializers/other.py
@@ -12,7 +12,10 @@ class OtherSettingSerializer(serializers.Serializer):
     OTP_ISSUER_NAME = serializers.CharField(
         required=False, max_length=1024, label=_('OTP issuer name'),
     )
-    OTP_VALID_WINDOW = serializers.IntegerField(label=_("OTP valid window"))
+    OTP_VALID_WINDOW = serializers.IntegerField(
+        min_value=1, max_value=10,
+        label=_("OTP valid window")
+    )
 
     WINDOWS_SSH_DEFAULT_SHELL = serializers.ChoiceField(
         choices=[
diff --git a/apps/settings/serializers/security.py b/apps/settings/serializers/security.py
index 1681b08a3..98bf38d52 100644
--- a/apps/settings/serializers/security.py
+++ b/apps/settings/serializers/security.py
@@ -69,7 +69,10 @@ class SecurityAuthSerializer(serializers.Serializer):
         required=False, default=False, label=_("Only from source login"),
         help_text=_("If enable, CAS、OIDC auth will be failed, if user not exist yet")
     )
-    SECURITY_MFA_VERIFY_TTL = serializers.IntegerField(label=_("MFA verify TTL"), help_text=_("Unit: second"))
+    SECURITY_MFA_VERIFY_TTL = serializers.IntegerField(
+        min_value=5, max_value=60*30,
+        label=_("MFA verify TTL"), help_text=_("Unit: second"),
+    )
     SECURITY_LOGIN_CAPTCHA_ENABLED = serializers.BooleanField(
         required=False, default=True,
         label=_("Enable Login captcha")