Add support for resetting the request count for an IP address #33
Comments
|
Hello, Yeah it could become handy. However, I'm afraid I don't have much time at the moment to develop new features... Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using your middleware to protect our API's login endpoint. When a user successfully logs in, I would like to reset the request counter for that user's IP address. That way, other users on the same network (with the same IP address) isn't punished.
This is particularly important when an API is used by lots of users in an office environment where everybody is logging in from the same IP address.
Currently I have to set the daily attempt limit to the maximum amount of users behind a single IP address times 5 (for example). This makes the login endpoint of the API significantly easier to brute-force using a botnet.
(This is offset by a strong password requirement and a slow server side hashing algorithm, but the high rate limit still makes the API much easier to DDOS with a much smaller botnet)
TLDR: It would be very nice to be able to clear a single key from the storage. This will allow setting much more strict limits.
The text was updated successfully, but these errors were encountered: