Add ratelimiting on failed login attempts (#4865)

2025-05-02 18:04:49 -04:00 · 2019-03-18 12:57:20 +00:00 · 2019-03-18 12:57:20 +00:00 · 651ad8bc96
commit 651ad8bc96
parent 899e523d6d
6 changed files with 86 additions and 5 deletions
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@ -392,6 +392,9 @@ rc_message_burst_count: 10.0
 #     address.
 #   - one for login that ratelimits login requests based on the account the
 #     client is attempting to log into.
+#   - one for login that ratelimits login requests based on the account the
+#     client is attempting to log into, based on the amount of failed login
+#     attempts for this account.
 #
 # The defaults are as shown below.
 #
@ -406,6 +409,9 @@ rc_message_burst_count: 10.0
 #  account:
 #    per_second: 0.17
 #    burst_count: 3
+#  failed_attempts:
+#    per_second: 0.17
+#    burst_count: 3

 # The federation window size in milliseconds
 #