Mercurial > moin > 1.9
changeset 6050:274a7f675261
auth surge protection: do not activate this in builtin default config
the admin has to enable it by defining surge_action_limits in the wiki config
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Fri, 06 Jun 2014 17:11:32 +0200 |
parents | a9567770da68 |
children | 44a028c457be |
files | MoinMoin/config/multiconfig.py |
diffstat | 1 files changed, 5 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py Fri Jun 06 15:54:09 2014 +0200 +++ b/MoinMoin/config/multiconfig.py Fri Jun 06 17:11:32 2014 +0200 @@ -858,9 +858,11 @@ # (like photo galleries) triggering surge protection, we assign rather high limits: 'AttachFile': (300, 30), 'cache': (600, 30), # cache action is very cheap/efficient - # special stuff to prevent someone trying lots of usernames / passwords to log in: - 'auth-ip': (10, 3600), # same remote ip (any name) - 'auth-name': (10, 3600), # same name (any remote ip) + # special stuff to prevent someone trying lots of usernames / passwords to log in. + # we keep this commented / disabled so that this feature does not get activated by default + # (if somebody does not override surge_action_limits with own values): + #'auth-ip': (10, 3600), # same remote ip (any name) + #'auth-name': (10, 3600), # same name (any remote ip) }, "Surge protection tries to deny clients causing too much load/traffic, see HelpOnConfiguration/SurgeProtection."), ('surge_lockout_time', 3600, "time [s] someone gets locked out when ignoring the warnings"),