Tighten the default rate limit of creating new devices. (#15135)
This commit is contained in:
parent
6def779a1a
commit
4ed08ff72e
1
changelog.d/15135.misc
Normal file
1
changelog.d/15135.misc
Normal file
@ -0,0 +1 @@
|
|||||||
|
Tighten the login ratelimit defaults.
|
@ -1518,11 +1518,11 @@ rc_registration_token_validity:
|
|||||||
|
|
||||||
This option specifies several limits for login:
|
This option specifies several limits for login:
|
||||||
* `address` ratelimits login requests based on the client's IP
|
* `address` ratelimits login requests based on the client's IP
|
||||||
address. Defaults to `per_second: 0.17`, `burst_count: 3`.
|
address. Defaults to `per_second: 0.003`, `burst_count: 5`.
|
||||||
|
|
||||||
* `account` ratelimits login requests based on the account the
|
* `account` ratelimits login requests based on the account the
|
||||||
client is attempting to log into. Defaults to `per_second: 0.17`,
|
client is attempting to log into. Defaults to `per_second: 0.03`,
|
||||||
`burst_count: 3`.
|
`burst_count: 5`.
|
||||||
|
|
||||||
* `failed_attempts` ratelimits login requests based on the account the
|
* `failed_attempts` ratelimits login requests based on the account the
|
||||||
client is attempting to log into, based on the amount of failed login
|
client is attempting to log into, based on the amount of failed login
|
||||||
|
@ -87,9 +87,18 @@ class RatelimitConfig(Config):
|
|||||||
defaults={"per_second": 0.1, "burst_count": 5},
|
defaults={"per_second": 0.1, "burst_count": 5},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# It is reasonable to login with a bunch of devices at once (i.e. when
|
||||||
|
# setting up an account), but it is *not* valid to continually be
|
||||||
|
# logging into new devices.
|
||||||
rc_login_config = config.get("rc_login", {})
|
rc_login_config = config.get("rc_login", {})
|
||||||
self.rc_login_address = RatelimitSettings(rc_login_config.get("address", {}))
|
self.rc_login_address = RatelimitSettings(
|
||||||
self.rc_login_account = RatelimitSettings(rc_login_config.get("account", {}))
|
rc_login_config.get("address", {}),
|
||||||
|
defaults={"per_second": 0.003, "burst_count": 5},
|
||||||
|
)
|
||||||
|
self.rc_login_account = RatelimitSettings(
|
||||||
|
rc_login_config.get("account", {}),
|
||||||
|
defaults={"per_second": 0.003, "burst_count": 5},
|
||||||
|
)
|
||||||
self.rc_login_failed_attempts = RatelimitSettings(
|
self.rc_login_failed_attempts = RatelimitSettings(
|
||||||
rc_login_config.get("failed_attempts", {})
|
rc_login_config.get("failed_attempts", {})
|
||||||
)
|
)
|
||||||
|
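Review bot: The `account` default added on the new side, `defaults={"per_second": 0.003, "burst_count": 5}` for `rc_login_account`, disagrees with the documentation hunk in this same commit, which states `account` defaults to `per_second: 0.03`, `burst_count: 5` — one of the two is wrong, and operators sizing overrides from the docs will get a limit ten times looser than what the server enforces. If the per-account limit is meant to be the looser value the docs describe, change that line to `defaults={"per_second": 0.03, "burst_count": 5},`; otherwise the docs line should read 0.003. A short why-comment on the chosen numbers would also help, e.g. `# ~1 login per 5 minutes per source after the burst of 5; shared NAT egress may need a looser override.`, since 0.003/s is strict enough that a busy shared IP exhausts the burst quickly and then sees login failures. `rc_login_failed_attempts` still receives no explicit defaults, so it keeps whatever fallback `RatelimitSettings` applies internally — worth confirming that matches what the docs state for `failed_attempts`. The enclosing method of `RatelimitConfig` starts before and ends after this hunk.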