diff options
| author | Daniel García <[email protected]> | 2021-12-25 01:10:21 +0100 |
|---|---|---|
| committer | Daniel García <[email protected]> | 2021-12-25 01:12:09 +0100 |
| commit | d4eb21c2d9735e05041ecfc984974aaaec941123 (patch) | |
| tree | 438363c98afa9073cab6240a9fa99381fac6cf7c /.env.template | |
| parent | 5529264c3f35215e58758c25c9682e9ef38957ec (diff) | |
| download | vaultwarden-d4eb21c2d9735e05041ecfc984974aaaec941123.tar.gz vaultwarden-d4eb21c2d9735e05041ecfc984974aaaec941123.zip | |
Better document the new rate limiting
Diffstat (limited to '.env.template')
| -rw-r--r-- | .env.template | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/.env.template b/.env.template index ca6962b4..7fcbbfcb 100644 --- a/.env.template +++ b/.env.template @@ -268,6 +268,17 @@ ## Multiple values must be separated with a whitespace. # ALLOWED_IFRAME_ANCESTORS= +## Number of seconds, on average, between login requests from the same IP address before rate limiting kicks in. +# LOGIN_RATELIMIT_SECONDS=60 +## Allow a burst of requests of up to this size, while maintaining the average indicated by `LOGIN_RATELIMIT_SECONDS`. +## Note that this applies to both the login and the 2FA, so it's recommended to allow a burst size of at least 2. +# LOGIN_RATELIMIT_MAX_BURST=10 + +## Number of seconds, on average, between admin requests from the same IP address before rate limiting kicks in. +# ADMIN_RATELIMIT_SECONDS=300 +## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. +# ADMIN_RATELIMIT_MAX_BURST=3 + ## Yubico (Yubikey) Settings ## Set your Client ID and Secret Key for Yubikey OTP ## You can generate it here: https://upgrade.yubico.com/getapikey/ |