Closed corentingiraud closed 5 years ago
In which cases does this happens? It is a restriction that is only on auth routes...
Password (re)definition. It happens to a barman (in prod env) and to me when i tried to reproduce the bug. My point is: for now, a normal trafic is considered as spucious traffic...
[2018-10-18T13:55:32] warn: [RATE LIMIT REACHED]: For request /reset-password by ::ffff:127.0.0.1
As I can see, it happend for two different ips (the rate limit is set per IPs). The first one was probably done on the Wi-Fi K-Fêt and the other done on 4G. Anyway, this must have happend after 5 fails...
I can increase this number (I don't really see the point to disabled it in dev) because in the case multiple devices do request from the same network (e.g. WiFi K-Fêt), it will count as one device.
As you want :)
I will look into it tomorrow morning :smile: Anyway, I will set the reject time at 15min instead of 20min and increase number of attemps to 10 failed requests.
Describe the bug
In production, we schould increase rate limit in order to remove anoying
Too many request error
(code 429).In dev mode, we schould remove this restriction.
Screenshots
Desktop (please complete the following information): All
Smartphone (please complete the following information): All