Only account for distinct attempts in rate limits

This commit is contained in:
Florent Daigniere
2023-04-01 11:33:02 +02:00
parent b243ea084d
commit 04a2cdab2f
8 changed files with 17 additions and 8 deletions


@@ -47,10 +47,11 @@ accounts for a specific IP subnet as defined in
``AUTH_RATELIMIT_IP_V4_MASK`` (default: /24) and
``AUTH_RATELIMIT_IP_V6_MASK`` (default: /48).
The ``AUTH_RATELIMIT_USER`` (default: 100/day) holds a security setting for fighting
The ``AUTH_RATELIMIT_USER`` (default: 50/day) holds a security setting for fighting
attackers that attempt to guess a user's password (typically using a password
bruteforce attack). The value defines the limit of authentication attempts allowed
for any given account within a specific timeframe.
bruteforce attack). The value defines the limit of distinct authentication attempts
allowed for any given account within a specific timeframe. Multiple attempts for the
same account with the same password only counts for one.
The ``AUTH_RATELIMIT_EXEMPTION_LENGTH`` (default: 86400) is the number of seconds
after a successful login for which a specific IP address is exempted from rate limits.
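Review bot: the new sentence "Multiple attempts for the same account with the same password only counts for one" leaves the reader without the detail that matters for a security setting, namely how "the same password" is recognised; since the exemption from the per-user counter now depends on comparing successive failed attempts, the text should state what is retained for that comparison (for example, that only a digest of the attempt is kept for the rate-limit window and never the cleartext), so an operator can judge the exposure if the rate-limit store is read. Grammar in the same sentence: "only counts for one" should read "only count as one". The lowered default from 100/day to 50/day is also a behaviour change worth a one-line rationale next to the new value, e.g. "the limit is lower because repeated guesses of the same password no longer consume it", otherwise the two edits in this hunk look unrelated.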