From c1340a6ac35f924161e6ec2a1d728e20c89e55c8 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Thu, 4 Jul 2019 16:42:40 +0200
Subject: Add rate limit to registration and API endpoints

---
 config/default.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'config/default.yaml')

diff --git a/config/default.yaml b/config/default.yaml
index a213d5b0a..be5c8993c 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -10,10 +10,18 @@ webserver:
   port: 9000
 
 rates_limit:
+  api:
+    # 50 attempts in 10 seconds
+    window: 10 seconds
+    max: 50
   login:
     # 15 attempts in 5 min
     window: 5 minutes
     max: 15
+  signup:
+    # 2 attempts in 5 min (only succeeded attempts are taken into account)
+    window: 5 minutes
+    max: 2
   ask_send_email:
     # 3 attempts in 5 min
     window: 5 minutes
-- 
cgit v1.2.3