Add ratelimiting on login (#4821)

Add two ratelimiters on login (per-IP address and per-userID).

1 files changed, 28 insertions, 11 deletions

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 5f2534e465..b3df272c54 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -379,6 +379,34 @@ rc_messages_per_second: 0.2
 #
 rc_message_burst_count: 10.0
 
+# Ratelimiting settings for registration and login.
+#
+# Each ratelimiting configuration is made of two parameters:
+#   - per_second: number of requests a client can send per second.
+#   - burst_count: number of requests a client can send before being throttled.
+#
+# Synapse currently uses the following configurations:
+#   - one for registration that ratelimits registration requests based on the
+#     client's IP address.
+#   - one for login that ratelimits login requests based on the client's IP
+#     address.
+#   - one for login that ratelimits login requests based on the account the
+#     client is attempting to log into.
+#
+# The defaults are as shown below.
+#
+#rc_registration:
+#  per_second: 0.17
+#  burst_count: 3
+#
+#rc_login:
+#  address:
+#    per_second: 0.17
+#    burst_count: 3
+#  account:
+#    per_second: 0.17
+#    burst_count: 3
+
 # The federation window size in milliseconds
 #
 federation_rc_window_size: 1000
@@ -403,17 +431,6 @@ federation_rc_reject_limit: 50
 #
 federation_rc_concurrent: 3
 
-# Number of registration requests a client can send per second.
-# Defaults to 1/minute (0.17).
-#
-#rc_registration_requests_per_second: 0.17
-
-# Number of registration requests a client can send before being
-# throttled.
-# Defaults to 3.
-#
-#rc_registration_request_burst_count: 3.0
-
 
 
 # Directory where uploaded images and attachments are stored.