prosody-modules: mod_limit_auth/README.markdown annotate

annotate mod_limit_auth/README.markdown @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics

author	Kim Alvefur <zash@zash.se>
date	Sun, 23 Jul 2023 02:56:08 +0200
parents	4916c1b6517f
children

rev	line source
1858 5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	1 ---
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	2 summary: Throttle authentication attempts with optional tarpit
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	3 ...
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	4
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	5 Introduction
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	6 ============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	7
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	8 This module lets you put a per-IP limit on the number of failed
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	9 authentication attempts.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	10
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	11 It features an optioanal
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	12 [tarpit](https://en.wikipedia.org/wiki/Tarpit_%28networking%29), i.e.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	13 waiting some time before returning an "authentication failed" response.
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	14
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	15 Configuration
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	16 =============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	17
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	18 ``` {.lua}
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	19 modules_enabled = {
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	20 -- your other modules
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	21 "limit_auth";
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	22 }
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	23
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	24 limit_auth_period = 30 -- over 30 seconds
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	25
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	26 limit_auth_max = 5 -- tolerate no more than 5 failed attempts
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	27
2121 4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10) Kim Alvefur <zash@zash.se> parents: 1858 diff changeset	28 -- Will only work with Prosody trunk:
1858 5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	29 limit_auth_tarpit_delay = 10 -- delay answer this long
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	30 ```
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	31
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	32 Compatibility
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	33 =============
5daabb5fe24a mod_limit_auth: Add README Kim Alvefur <zash@zash.se> parents: diff changeset	34
2121 4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10) Kim Alvefur <zash@zash.se> parents: 1858 diff changeset	35 Requires 0.9 or later. The tarpit feature requires Prosody trunk.

Mercurial > prosody-modules

annotate mod_limit_auth/README.markdown @ 5616:59d5fc50f602