more help; rate-limit password resets

lobsters · Jul 5, 2021 · eaaa25b · eaaa25b
1 parent 10bab4a
commit eaaa25b
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -1,3 +1,7 @@
+# if you are looking at this file because your RSS reader is triggering the
+# rate-limiting, you can replace separate checks of /t/c.rss and /t/python.rss
+# with a single check of /t/c,python.rss (you can add many tags)
+
 Rack::Attack.safelist('localhost') do |req|
   '127.0.0.1' == req.ip || '::1' == req.ip
 end
@@ -14,7 +18,8 @@
 end
 # at some point they'll proceed to testing credentials
 Rack::Attack.throttle("login", limit: 4, period: 60) do |request|
-  request.ip if request.post? && request.path == '/login'
+  request.ip if request.post? &&
+                (request.path == '/login' || request.path == '/login/set_new_password')
 end
 
 # explain the throttle