Mercurial > prosody-modules
annotate mod_limit_auth/README.markdown @ 5511:0860497152af
mod_http_oauth2: Record hash of client_id to allow future verification
RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the
client. In order to do that, we must record something that can
definitely tie the client to the grant. Since the full client_id is so
large (why we have this client_subset function), a hash is stored
instead.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 02 Jun 2023 10:14:16 +0200 |
| parents | 4916c1b6517f |
| children |
| rev | line source |
|---|---|
| 1858 | 1 --- |
| 2 summary: Throttle authentication attempts with optional tarpit | |
| 3 ... | |
| 4 | |
| 5 Introduction | |
| 6 ============ | |
| 7 | |
| 8 This module lets you put a per-IP limit on the number of failed | |
| 9 authentication attempts. | |
| 10 | |
| 11 It features an optioanal | |
| 12 [tarpit](https://en.wikipedia.org/wiki/Tarpit_%28networking%29), i.e. | |
| 13 waiting some time before returning an "authentication failed" response. | |
| 14 | |
| 15 Configuration | |
| 16 ============= | |
| 17 | |
| 18 ``` {.lua} | |
| 19 modules_enabled = { | |
| 20 -- your other modules | |
| 21 "limit_auth"; | |
| 22 } | |
| 23 | |
| 24 limit_auth_period = 30 -- over 30 seconds | |
| 25 | |
| 26 limit_auth_max = 5 -- tolerate no more than 5 failed attempts | |
| 27 | |
|
2121
4916c1b6517f
Update READMEs to indicate that async requires trunk (dropped from prosody 0.10)
Kim Alvefur <zash@zash.se>
parents:
1858
diff
changeset
|
28 -- Will only work with Prosody trunk: |
| 1858 | 29 limit_auth_tarpit_delay = 10 -- delay answer this long |
| 30 ``` | |
| 31 | |
| 32 Compatibility | |
| 33 ============= | |
| 34 | |
|
2121
4916c1b6517f
Update READMEs to indicate that async requires trunk (dropped from prosody 0.10)
Kim Alvefur <zash@zash.se>
parents:
1858
diff
changeset
|
35 Requires 0.9 or later. The tarpit feature requires Prosody trunk. |