Open olegbliaher opened 2 hours ago
Hello @olegbliaher, thanks for contributing to the Password Pusher community! We will respond as soon as possible.
Hi @olegbliaher - I can do that. But if you want it to apply to all logged in users, there might be a better solution rather than by IP:
```ruby
throttle("req/minute/ip", limit: 120, period: 1.minute) do |req|
  req.ip if req.session[:warden] && req.session[:warden]["user.user.id"].nil? && !req.path.start_with?("/assets")
end
```
Needs testing though.
Hi @pglombardo, thank you for the very swift response! Personally, I'd prefer excluding all logged-in users, instead of dealing with IP-addresses and ranges.
Your suggestion looks perfect.
Sounds good - I have a couple other things in progress right now but hopefully I can add this over the weekend. I'll update once the addition is out. Thanks for pointing this out!
❓ Question
Is it possible to exclude logged in users from rate-limits?
📎 Additional context
Running pwpush 1.47.1 with Caddy.
I also noticed I can configure `safelist_ip`-addresses via `config/initializers/rack_attack.rb`. Would be nice if it would be possible to specify those IP-addresses as an environment variable.
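
The second request in this issue, reading safelisted addresses from an environment variable, could be handled as sketched below. This is an added example, not code from the thread or from Password Pusher; the variable name `RATE_LIMIT_SAFELIST_IPS` and the prefix floor are assumptions made here.

```ruby
require "ipaddr"

# Hypothetical variable name for this example, not a Password Pusher setting.
SAFELIST_ENV = "RATE_LIMIT_SAFELIST_IPS"
# Assumed floor: refuse entries broader than /8 (IPv4) or /32 (IPv6), so a
# stray "0.0.0.0/0" cannot switch rate limiting off for every client.
MIN_PREFIX = { ipv4: 8, ipv6: 32 }.freeze

# Turn "10.0.0.0/8, 192.0.2.7" into IPAddr objects. Any bad entry raises, so
# a typo stops the boot instead of silently changing who is exempt.
def parse_safelist(raw)
  raw.to_s.split(",").map(&:strip).reject(&:empty?).map do |entry|
    net = IPAddr.new(entry)
    floor = net.ipv4? ? MIN_PREFIX[:ipv4] : MIN_PREFIX[:ipv6]
    raise ArgumentError, "#{SAFELIST_ENV}: #{entry} is broader than /#{floor}" if net.prefix < floor
    net
  rescue IPAddr::Error => e
    raise ArgumentError, "#{SAFELIST_ENV}: invalid entry #{entry.inspect} (#{e.message})"
  end
end

# True when the client address falls inside any safelisted network.
# An address that does not parse is never exempt.
def safelisted?(ip, safelist)
  addr = IPAddr.new(ip)
  safelist.any? { |net| net.include?(addr) }
rescue IPAddr::Error
  false
end

# Wiring for config/initializers/rack_attack.rb; skipped when the rack-attack
# gem is not loaded. Safelisted requests bypass every throttle.
if defined?(Rack::Attack)
  ENV_SAFELIST = parse_safelist(ENV[SAFELIST_ENV]).freeze
  Rack::Attack.safelist("safelist from #{SAFELIST_ENV}") do |req|
    safelisted?(req.ip, ENV_SAFELIST)
  end
end
```

Behind a reverse proxy such as Caddy, the check is only as good as the client address the application sees in `req.ip`.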