Increase rate limit on protected paths (#6229)
Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
parent
6f5c0afe93
commit
921b781909
|
@ -53,7 +53,7 @@ class Rack::Attack
|
|||
req.ip if req.api_request?
|
||||
end
|
||||
|
||||
throttle('protected_paths', limit: 5, period: 5.minutes) do |req|
|
||||
throttle('protected_paths', limit: 25, period: 5.minutes) do |req|
|
||||
req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue