From 085bac6e08fd6c5ef1155d7e4cc93a0482e45479 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Tue, 7 Feb 2023 09:54:50 +0100
Subject: [PATCH] Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48
---
 core/admin/mailu/configuration.py | 2 +-
 docs/configuration.rst | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 2f5f6b0c..b958537c 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -42,7 +42,7 @@ DEFAULT_CONFIG = {
 'DEFER_ON_TLS_ERROR': True,
 'AUTH_RATELIMIT_IP': '5/hour',
 'AUTH_RATELIMIT_IP_V4_MASK': 24,
- 'AUTH_RATELIMIT_IP_V6_MASK': 56,
+ 'AUTH_RATELIMIT_IP_V6_MASK': 48,
 'AUTH_RATELIMIT_USER': '100/day',
 'AUTH_RATELIMIT_EXEMPTION': '',
 'AUTH_RATELIMIT_EXEMPTION_LENGTH': 86400,
diff --git a/docs/configuration.rst b/docs/configuration.rst
index c867d8dd..abb0860d 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -45,7 +45,7 @@ attackers that attempt a password spraying attack. The value defines the limit o
 authentication attempts that will be processed on **distinct** non-existing accounts for a specific IP subnet as defined in ``AUTH_RATELIMIT_IP_V4_MASK`` (default: /24) and
-``AUTH_RATELIMIT_IP_V6_MASK`` (default: /56).
+``AUTH_RATELIMIT_IP_V6_MASK`` (default: /48).
 The ``AUTH_RATELIMIT_USER`` (default: 100/day) holds a security setting for fighting attackers that attempt to guess a user's password (typically using a password
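Review bot: The new default `'AUTH_RATELIMIT_IP_V6_MASK': 48` in the `configuration.py` hunk carries no rationale, and neither the subject line nor the docs hunk says why /48 was chosen over /56. Widening the mask puts every client inside a /48 into one `AUTH_RATELIMIT_IP` bucket (5/hour by default), which limits spreading attempts across the subnets of a single allocation, but it also means unrelated users behind a provider that hands out /56 or /64 prefixes can use up each other's allowance. I would add a comment above the entry, for example `# /48: treat a whole typical IPv6 site allocation as one client for rate limiting`, and note in the release notes that deployments relying on the default change behaviour on upgrade (no release note is visible in this patch). The `DEFAULT_CONFIG` dict starts and ends outside the hunk, so any validation of the mask value cannot be checked from here.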