From 24c07cc105ebc887db74e92b654057a3b165a56f Mon Sep 17 00:00:00 2001
From: Javier Eguiluz
Date: Fri, 9 Apr 2021 10:57:10 +0200
Subject: [PATCH] [Security] Document the login_throttling.interval option
---
 security.rst | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/security.rst b/security.rst
index 3b1c81f8b20..13153307ad1 100644
--- a/security.rst
+++ b/security.rst
@@ -500,6 +500,11 @@ You must enable this using the ``login_throttling`` setting:
 login_throttling:
 max_attempts: 3
 
+ # configure the maximum login attempts in a custom period of time
+ login_throttling:
+ max_attempts: 3
+ interval: '15 minutes'
+
 # use a custom rate limiter via its service ID
 login_throttling:
 limiter: app.my_login_rate_limiter
@@ -526,6 +531,9 @@ You must enable this using the ``login_throttling`` setting:
+
+
+
@@ -550,6 +558,12 @@ You must enable this using the ``login_throttling`` setting:
 'max_attempts' => 3,
 ],
 
+ // configure the maximum login attempts in a custom period of time
+ 'login_throttling' => [
+ 'max_attempts' => 3,
+ 'interval' => '15 minutes',
+ ],
+
 // use a custom rate limiter via its service ID
 'login_throttling' => [
 'limiter' => 'app.my_login_rate_limiter',
@@ -558,6 +572,10 @@ You must enable this using the ``login_throttling`` setting:
 ],
 ]);
 
+.. versionadded:: 5.3
+
+ The ``login_throttling.interval`` option was introduced in Symfony 5.3.
+
 By default, login attempts are limited on ``max_attempts`` (default: 5) failed requests for ``IP address + username`` and ``5 * max_attempts`` failed requests for ``IP address``. The second limit protects against an