Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change rate limits for various paths #14253

Merged
merged 1 commit into from
Jul 7, 2020
Merged

Change rate limits for various paths #14253

merged 1 commit into from
Jul 7, 2020

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Jul 7, 2020

  • Rate limit login attempts by target account
  • Rate limit password resets and e-mail re-confirmations by target account
  • Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before

@Gargron
Change rate limits for various paths
634d2bf 
- Rate limit login attempts by target account
- Rate limit password resets and e-mail re-confirmations by target account
- Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before
@Gargron Gargron added the security Security issues and fixes, vulnerabilities label Jul 7, 2020
@Gargron Gargron merged commit 81a3db1 into master Jul 7, 2020
@Gargron Gargron deleted the fix-brute-force-login branch July 7, 2020 13:26
@ghost ghost mentioned this pull request Jul 7, 2020
Closed
@umonaca
Copy link
Contributor

umonaca commented Jul 8, 2020
edited
Loading

There are some occasions that multiple devices share the same IP behind NAT. Throttling might break user experience. Also, if the server admin misconfigures Nginx (e.g. behind Cloudflare) and does not forward real ip , most users may be blocked from accessing the server.

@umonaca umonaca mentioned this pull request Jul 8, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security Security issues and fixes, vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Gargron @umonaca