Updating rate limits to also use TOML
35
config/dev/ratelimit.unauth.toml
Normal file
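--- /dev/null
+++ b/config/dev/ratelimit.unauth.toml
@@ -0,0 +1,35 @@
+[[Rules]]
+# Global unauthenticated ratelimit.
+match = ""
+seconds = 60
+max = 30
+
+[[Rules]]
+# Unauthenticated DOOT for server monitoring.
+match = "GET:/v1/doot"
+seconds = 5
+max = 5
+
+[[Rules]]
+# Prevent bruteforce attacks on Login.
+match = "POST:/v1/login"
+seconds = 60
+max = 3
+
+[[Rules]]
+# Prevent bruteforce attacks on Admin Login.
+match = "POST:/v1/admin"
+seconds = 60
+max = 1
+
+[[Rules]]
+# Prevent spam account creation.
+match = "GET:/v1/adm/2fa-doot"
+seconds = 1800
+max = 1
+
+[[Rules]]
+# Slow down 'forgot password' enumeration/spam.
+match = "POST:/v1/forgot"
+seconds = 60
+max = 1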
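Review bot: The comment `# Prevent spam account creation.` on the fifth rule does not match its route, `GET:/v1/adm/2fa-doot`, which by name looks like an admin 2FA check rather than a signup endpoint; either the comment or the match string is wrong, and with `max = 1` per 1800 seconds a mis-targeted rule would block that endpoint for 30 minutes after a single request. Please make the comment describe the endpoint it actually covers, e.g. `# Limit unauthenticated hits on the admin 2FA endpoint.`, or point `match` at the signup route if that was the intent. The `/v1/adm/` prefix here also differs from `/v1/admin` in the rule just above it, which looks like a typo worth confirming against the router. Note too that the `max = 1` rules on `/v1/admin`, `/v1/adm/2fa-doot` and `/v1/forgot` only act as bruteforce protection if the limiter keys by client; this file does not show the keying, and if the counter is global a single remote request per window would lock legitimate admin logins out, so a one-line comment above the first `[[Rules]]` stating what each counter is keyed on would help.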
|
||||