# Rate-limit rules consumed by the service that loads this file; the matcher
# itself is not defined here. Each [[Rules]] entry carries:
#   match   - "METHOD:path" selector (the first rule uses "" — presumably a
#             catch-all for every request; confirm against the matcher)
#   seconds - length of the window
#   max     - requests allowed within that window
# NOTE(review): not visible here is whether a request matching several rules
# (the global rule plus a route-specific one) is subject to all of them or only
# the first match — confirm, the per-route limits below assume they apply in
# addition to the global one.
# NOTE(review): also not visible is what the counter is bucketed on (client IP,
# account, ...). Per-IP buckets alone are weak against many-source traffic;
# per-account buckets can lock out the legitimate owner. Check which one the
# matcher uses before relying on the small `max` values below.

[[Rules]]
# Global unauthenticated ratelimit.
# 30 requests per minute for anything not matched more specifically.
match = ""
seconds = 60
max = 30

[[Rules]]
# Unauthenticated DOOT for server monitoring.
# NOTE(review): 5 per 5 s — make sure the monitoring poll interval fits
# inside this window, otherwise health probes will start being rejected.
match = "GET:/v1/doot"
seconds = 5
max = 5

[[Rules]]
# Prevent bruteforce attacks on Login.
# 3 attempts per minute. NOTE(review): if bucketed per IP this only slows a
# single source; if bucketed per account it becomes a lockout lever — confirm
# the key and consider logging/alerting when this limit trips.
match = "POST:/v1/login"
seconds = 60
max = 3

[[Rules]]
# Prevent bruteforce attacks on Admin Login.
# Stricter than the regular login rule: 1 attempt per minute.
match = "POST:/v1/admin"
seconds = 60
max = 1

[[Rules]]
# Prevent spam account creation.
# NOTE(review): the comment does not match the route — "GET:/v1/adm/2fa-doot"
# looks like an admin 2FA endpoint, not account creation. Confirm the intended
# endpoint and reword, since 1 request per 30 minutes on the wrong route would
# either block a legitimate flow or leave the real target unprotected.
match = "GET:/v1/adm/2fa-doot"
seconds = 1800
max = 1

[[Rules]]
# Slow down 'forgot password' enumeration/spam.
# 1 request per minute. Rate limiting only slows enumeration; the endpoint
# should also answer identically for known and unknown accounts so the
# response itself does not reveal whether an address is registered.
match = "POST:/v1/forgot"
seconds = 60
max = 1