Mercurial > moin > 1.9

changeset 6050:274a7f675261

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth surge protection: do not activate this in builtin default config the admin has to enable it by defining surge_action_limits in the wiki config
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 06 Jun 2014 17:11:32 +0200
parents a9567770da68
children 44a028c457be
files MoinMoin/config/multiconfig.py
diffstat 1 files changed, 5 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Fri Jun 06 15:54:09 2014 +0200
+++ b/MoinMoin/config/multiconfig.py	Fri Jun 06 17:11:32 2014 +0200
@@ -858,9 +858,11 @@
         # (like photo galleries) triggering surge protection, we assign rather high limits:
         'AttachFile': (300, 30),
         'cache': (600, 30), # cache action is very cheap/efficient
-        # special stuff to prevent someone trying lots of usernames / passwords to log in:
-        'auth-ip': (10, 3600),  # same remote ip (any name)
-        'auth-name': (10, 3600),  # same name (any remote ip)
+        # special stuff to prevent someone trying lots of usernames / passwords to log in.
+        # we keep this commented / disabled so that this feature does not get activated by default
+        # (if somebody does not override surge_action_limits with own values):
+        #'auth-ip': (10, 3600),  # same remote ip (any name)
+        #'auth-name': (10, 3600),  # same name (any remote ip)
      },
      "Surge protection tries to deny clients causing too much load/traffic, see HelpOnConfiguration/SurgeProtection."),
     ('surge_lockout_time', 3600, "time [s] someone gets locked out when ignoring the warnings"),