self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-11-23 22:04:47 +02:00
Code Issues Releases Activity

Set default of AUTH_RATELIMIT_SUBNET to False. Increase default AUTH_RATELIMIT value.

Browse Source
This commit is contained in:
Diman0
2021-08-06 16:27:07 +02:00
parent bfb2665d58
commit 588904078e
4 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuration.rst
View File

@@ -41,7 +41,7 @@ The ``AUTH_RATELIMIT`` holds a security setting for fighting attackers that
try to guess user passwords. The value is the limit of failed authentication attempts
that a single IP address can perform against IMAP, POP and SMTP authentication endpoints.
If ``AUTH_RATELIMIT_SUBNET`` is ``True`` (which is the default), the ``AUTH_RATELIMIT``
If ``AUTH_RATELIMIT_SUBNET`` is ``True`` (default: False), the ``AUTH_RATELIMIT``
rules does also apply to auth requests coming from ``SUBNET``, especially for the webmail.
If you disable this, ensure that the rate limit on the webmail is enforced in a different
way (e.g. roundcube plug-in), otherwise an attacker can simply bypass the limit using webmail.