annotate mod_limit_auth/README.markdown @ 5446:dd7bddc87f98

mod_http_oauth2: Fix inclusion of role in refreshed access tokens `refresh_token_info` does not carry the role, and due to behavior prior to prosody trunk rev a1ba503610ed it would have reverted to the users' default role. After that it instead issues a token without role which is thus not usable with e.g. mod_rest
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:37:35 +0200
parents 4916c1b6517f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1858
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 ---
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 summary: Throttle authentication attempts with optional tarpit
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 ...
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 Introduction
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 ============
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 This module lets you put a per-IP limit on the number of failed
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 authentication attempts.
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 It features an optioanal
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 [tarpit](https://en.wikipedia.org/wiki/Tarpit_%28networking%29), i.e.
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 waiting some time before returning an "authentication failed" response.
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 Configuration
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 =============
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 ``` {.lua}
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 modules_enabled = {
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 -- your other modules
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 "limit_auth";
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 }
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 limit_auth_period = 30 -- over 30 seconds
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 limit_auth_max = 5 -- tolerate no more than 5 failed attempts
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27
2121
4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10)
Kim Alvefur <zash@zash.se>
parents: 1858
diff changeset
28 -- Will only work with Prosody trunk:
1858
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 limit_auth_tarpit_delay = 10 -- delay answer this long
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 ```
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 Compatibility
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 =============
5daabb5fe24a mod_limit_auth: Add README
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34
2121
4916c1b6517f Update READMEs to indicate that async requires trunk (dropped from prosody 0.10)
Kim Alvefur <zash@zash.se>
parents: 1858
diff changeset
35 Requires 0.9 or later. The tarpit feature requires Prosody trunk.