Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48

1 year ago · 085bac6e08
parent fa084d7b1c
commit 085bac6e08
2 changed files with 2 additions and 2 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@ -42,7 +42,7 @@ DEFAULT_CONFIG = {
    'DEFER_ON_TLS_ERROR': True,
    'AUTH_RATELIMIT_IP': '5/hour',
    'AUTH_RATELIMIT_IP_V4_MASK': 24,
-    'AUTH_RATELIMIT_IP_V6_MASK': 56,
+    'AUTH_RATELIMIT_IP_V6_MASK': 48,
    'AUTH_RATELIMIT_USER': '100/day',
    'AUTH_RATELIMIT_EXEMPTION': '',
    'AUTH_RATELIMIT_EXEMPTION_LENGTH': 86400,
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -45,7 +45,7 @@ attackers that attempt a password spraying attack. The value defines the limit o
 authentication attempts that will be processed on **distinct** non-existing
 accounts for a specific IP subnet as defined in
 ``AUTH_RATELIMIT_IP_V4_MASK`` (default: /24) and
-``AUTH_RATELIMIT_IP_V6_MASK`` (default: /56).
+``AUTH_RATELIMIT_IP_V6_MASK`` (default: /48).

 The ``AUTH_RATELIMIT_USER`` (default: 100/day) holds a security setting for fighting
 attackers that attempt to guess a user's password (typically using a password