diff options
| author | Joas Schilling <coding@schilljs.com> | 2024-10-24 22:04:41 +0200 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2024-10-24 22:04:41 +0200 |
| commit | 6854af0cc4eb210832eaf36b8bbd3df151832a85 (patch) | |
| tree | 007b865c3b4c46f9a650840d81539af5844c1101 | |
| parent | bc6a3e81596a1e0c9f7b3a1710376a04626de776 (diff) | |
| download | nextcloud-server-bugfix/noid/allow-to-force-db-throttler.tar.gz nextcloud-server-bugfix/noid/allow-to-force-db-throttler.zip | |
feat(bruteforce): Allow forcing the database throttlerbugfix/noid/allow-to-force-db-throttler
Using the database is most likely worse for performance, but makes investigating
issues a lot easier as it's possible to look directly at the table to see all
logged remote addresses and actions.
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | config/config.sample.php | 13 | ||||
| -rw-r--r-- | lib/private/Server.php | 3 |
2 files changed, 14 insertions, 2 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index c8ee3c301ae..23e9cb5940a 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -342,7 +342,7 @@ $CONFIG = [ /** * The timeout in seconds for synchronizing address books, e.g. federated system address books (as run by `occ federation:sync-addressbooks`). - * + * * Defaults to ``30`` seconds */ 'carddav_sync_request_timeout' => 30, @@ -406,6 +406,17 @@ $CONFIG = [ 'auth.bruteforce.protection.enabled' => true, /** + * Whether the brute force protection should write into the database even when a memory cache is available + * + * Using the database is most likely worse for performance, but makes investigating + * issues a lot easier as it's possible to look directly at the table to see all + * logged remote addresses and actions. + * + * Defaults to ``false`` + */ +'auth.bruteforce.protection.force.database' => false, + +/** * Whether the brute force protection shipped with Nextcloud should be set to testing mode. * * In testing mode brute force attempts are still recorded, but the requests do diff --git a/lib/private/Server.php b/lib/private/Server.php index 2faae765960..0016e2bbb7a 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -846,7 +846,8 @@ class Server extends ServerContainer implements IServerContainer { $this->registerService(\OC\Security\Bruteforce\Backend\IBackend::class, function ($c) { $config = $c->get(\OCP\IConfig::class); - if (ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) { + if (!$config->getSystemValueBool('auth.bruteforce.protection.force.database', false) + && ltrim($config->getSystemValueString('memcache.distributed', ''), '\\') === \OC\Memcache\Redis::class) { $backend = $c->get(\OC\Security\Bruteforce\Backend\MemoryCacheBackend::class); } else { $backend = $c->get(\OC\Security\Bruteforce\Backend\DatabaseBackend::class); |