diff MoinMoin/config/multiconfig.py @ 6050:274a7f675261

auth surge protection: do not activate this in builtin default config the admin has to enable it by defining surge_action_limits in the wiki config
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 06 Jun 2014 17:11:32 +0200
parents ee7209311a0e
children 5fb9d0f4af89
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Fri Jun 06 15:54:09 2014 +0200
+++ b/MoinMoin/config/multiconfig.py	Fri Jun 06 17:11:32 2014 +0200
@@ -858,9 +858,11 @@
         # (like photo galleries) triggering surge protection, we assign rather high limits:
         'AttachFile': (300, 30),
         'cache': (600, 30), # cache action is very cheap/efficient
-        # special stuff to prevent someone trying lots of usernames / passwords to log in:
-        'auth-ip': (10, 3600),  # same remote ip (any name)
-        'auth-name': (10, 3600),  # same name (any remote ip)
+        # special stuff to prevent someone trying lots of usernames / passwords to log in.
+        # we keep this commented / disabled so that this feature does not get activated by default
+        # (if somebody does not override surge_action_limits with own values):
+        #'auth-ip': (10, 3600),  # same remote ip (any name)
+        #'auth-name': (10, 3600),  # same name (any remote ip)
      },
      "Surge protection tries to deny clients causing too much load/traffic, see HelpOnConfiguration/SurgeProtection."),
     ('surge_lockout_time', 3600, "time [s] someone gets locked out when ignoring the warnings"),