From 651ad8bc96d360500e7f5953d05ef418b51acc86 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <contact@brendanabolivier.com>
Date: Mon, 18 Mar 2019 12:57:20 +0000
Subject: Add ratelimiting on failed login attempts (#4865)

---
 docs/sample_config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'docs')

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b3df272c54..84e2cc97f9 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -392,6 +392,9 @@ rc_message_burst_count: 10.0
 #     address.
 #   - one for login that ratelimits login requests based on the account the
 #     client is attempting to log into.
+#   - one for login that ratelimits login requests based on the account the
+#     client is attempting to log into, based on the amount of failed login
+#     attempts for this account.
 #
 # The defaults are as shown below.
 #
@@ -406,6 +409,9 @@ rc_message_burst_count: 10.0
 #  account:
 #    per_second: 0.17
 #    burst_count: 3
+#  failed_attempts:
+#    per_second: 0.17
+#    burst_count: 3
 
 # The federation window size in milliseconds
 #
-- 
cgit 1.5.1