From c1340a6ac35f924161e6ec2a1d728e20c89e55c8 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Thu, 4 Jul 2019 16:42:40 +0200
Subject: Add rate limit to registration and API endpoints

---
 config/production.yaml.example | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'config/production.yaml.example')

diff --git a/config/production.yaml.example b/config/production.yaml.example
index cdf6136d8..f55f5c096 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -9,10 +9,18 @@ webserver:
   port: 443
 
 rates_limit:
+  api:
+    # 50 attempts in 10 seconds
+    window: 10 seconds
+    max: 50
   login:
     # 15 attempts in 5 min
     window: 5 minutes
     max: 15
+  signup:
+    # 2 attempts in 5 min (only succeeded attempts are taken into account)
+    window: 5 minutes
+    max: 2
   ask_send_email:
     # 3 attempts in 5 min
     window: 5 minutes
-- 
cgit v1.2.3