Eugen Rochko
b7b0f630a0
Increase rate limit on protected paths ( #6229 )
...
Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.
2018-01-09 17:07:54 +01:00
Eugen Rochko
31fe0d067b
Apply a 25x rate limit by IP even to authenticated requests ( #5948 )
2017-12-11 15:32:29 +01:00
Naoki Kosaka
77660c4624
Missing require 'authorization_decorator'. ( #5947 )
2017-12-09 15:12:10 +01:00
Eugen Rochko
87af0bf6cf
Rate limit by user instead of IP when API user is authenticated ( #5923 )
...
* Fix #668 - Rate limit by user instead of IP when API user is authenticated
* Fix code style issue
* Use request decorator provided by Doorkeeper
2017-12-09 14:20:02 +01:00
unarist
527eacf403
Add Content-Type header on throttled response to fix mojibake ( #4558 )
...
application/json only allows Unicode, so this prevents from wrong charset detection.
2017-08-08 15:47:35 +02:00
alpaca-tc
62738bf1a9
Localize 'throttled' ( #2755 )
2017-05-03 23:36:19 +02:00
Tristan Mahé
19881e24fe
allow localhost to bypass the ratelimit ( #2554 )
2017-04-30 00:27:49 +02:00
Eugen
e47b32072f
Add rate limits for logins and sign-ups by IP (5 in 5 minutes) ( #2079 )
...
* Add rate limits for logins and sign-ups by IP (5 in 5 minutes)
Should be enough for normal attempts
* Add rate limit for forgotten password form as well
2017-04-18 22:29:14 +02:00