self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Code Issues Releases Activity
4,628 Commits 115 Branches 124 Tags 117 MiB
30574445e4
Commit Graph

21 Commits

Author SHA1 Message Date
Florent Daigniere
5a55d1824e Make it happen post-deduplication 2023-04-16 12:57:20 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts 
against a valid account
 2023-04-16 11:30:14 +02:00
Florent Daigniere
7dc2912770
Update core/admin/mailu/limiter.py 
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
 2023-04-02 17:11:16 +02:00
Florent Daigniere
795a7bafa2 should never happen but heh 2023-04-01 12:22:44 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
Alexander Graf
fa084d7b1c
Styling only 2023-02-07 08:54:13 +01:00
Florent Daigniere
294ac4adb2 Revert "Clarify" 
This reverts commit 35e9bfb8ab.
 2023-02-04 17:08:26 +01:00
Florent Daigniere
35e9bfb8ab Clarify 2023-02-04 16:54:25 +01:00
Florent Daigniere
d30f71234d Apply the mask on the IP too 2023-02-04 16:50:43 +01:00
Florent Daigniere
e2a25c79fc only account attempts for distinct usernames in ratelimits 2023-02-04 16:36:16 +01:00
Florent Daigniere
7f89a29790 Fix 2125 
Make the caller responsible to know whether the rate-limit code should
be called or not
 2022-01-03 13:38:21 +01:00
Florent Daigniere
c5bd82650f doh 2021-10-16 10:30:57 +02:00
Florent Daigniere
99c81c20a7 Introduce AUTH_RATELIMIT_EXEMPTION 
This disables rate limiting on specific CIDRs
 2021-10-16 10:26:38 +02:00
Florent Daigniere
24aadf2f52 ensure we log when the rate limiter hits 2021-09-24 10:07:41 +02:00
Florent Daigniere
89ea51d570 Implement rate-limits 2021-09-23 18:40:49 +02:00
kaiyou
8e88f1b8c3 Refactor the rate limiting code 
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
 2020-02-09 17:38:18 +01:00
micw
7688caa784
Add missing self. 2020-01-05 19:44:06 +01:00
Michael Wyraz
70f797dbd9 Don't raise rate limit exception on hit(), only on check() 2019-12-16 18:47:21 +01:00
Michael Wyraz
a7f787f914 Make rate limit for subnet (webmail) configurable 2019-12-16 18:46:17 +01:00
Michael Wyraz
bee80b5c64 Remove rate limit reset 2019-12-06 11:02:21 +01:00
Michael Wyraz
889386b4a6 Limiter implementation 2019-12-06 09:35:21 +01:00