diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2018-01-09 17:07:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-01-09 17:07:54 +0100 |
| commit | 921b78190912b3cd74cea62fc3e773c56e8f609e (patch) | |
| tree | bbce18b503c3e955023556ee3fb65d8971ec5531 /config/initializers/rack_attack.rb | |
| parent | 6f5c0afe93e28375c736437b9bb19b48a7c54a5f (diff) | |
Increase rate limit on protected paths (#6229)
Previously each protected path had a separate rate limit. Now they're all in the same bucket, so people are more likely to hit one with register->login. Increasing to 25 per 5 minutes should be fine.
Diffstat (limited to 'config/initializers/rack_attack.rb')
| -rw-r--r-- | config/initializers/rack_attack.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index b38fb302b..b35452f04 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -53,7 +53,7 @@ class Rack::Attack req.ip if req.api_request? end - throttle('protected_paths', limit: 5, period: 5.minutes) do |req| + throttle('protected_paths', limit: 25, period: 5.minutes) do |req| req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX end |