Increase rate limit on protected paths (#6229)

Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.
2018-01-09 17:07:54 +01:00 · 2018-01-09 17:07:54 +01:00 · b7b0f630a0
parent 9fb57f8583
commit b7b0f630a0
1 changed files with 1 additions and 1 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -53,7 +53,7 @@ class Rack::Attack
    req.ip if req.api_request?
  end

-  throttle('protected_paths', limit: 5, period: 5.minutes) do |req|
+  throttle('protected_paths', limit: 25, period: 5.minutes) do |req|
    req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX
  end