Increase rate limit on protected paths (#6229)

Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.
This commit is contained in:
Eugen Rochko 2018-01-09 17:07:54 +01:00 committed by GitHub
parent 6f5c0afe93
commit 921b781909
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -53,7 +53,7 @@ class Rack::Attack
req.ip if req.api_request? req.ip if req.api_request?
end end
throttle('protected_paths', limit: 5, period: 5.minutes) do |req| throttle('protected_paths', limit: 25, period: 5.minutes) do |req|
req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX
end end