chore(bruteforce): allows to configure max attempts before request abort

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
author: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2024-12-02 11:37:11 +0100
committer: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2024-12-03 10:48:10 +0100
commit: 1fd19685f1e39a19b8cb6129a96ab43ec717e01b (patch)
tree: 002a9a2aac808aa370357a4cd19c8b5dbd2a0242 /config
parent: e87ed9b5fba5e60117216933239165d4d2ab56b6 (diff)
download: nextcloud-server-1fd19685f1e39a19b8cb6129a96ab43ec717e01b.tar.gz
nextcloud-server-1fd19685f1e39a19b8cb6129a96ab43ec717e01b.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index f9dd9210336..eeaa9a7ef3d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -432,6 +432,17 @@ $CONFIG = [
 'auth.bruteforce.protection.testing' => false,
 
 /**
+ * Brute force protection: maximum number of attempts before blocking
+ *
+ * When more than max-attempts login requests are sent to Nextcloud, requests
+ * will abort with "429 Too Many Requests".
+ * For security reasons, change it only if you know what you are doing.
+ *
+ * Defaults to ``10``
+ */
+'auth.bruteforce.max-attempts' => 10,
+
+/**
  * Whether the rate limit protection shipped with Nextcloud should be enabled or not.
  *
  * Disabling this is discouraged for security reasons.
author	Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-02 11:37:11 +0100
committer	Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-03 10:48:10 +0100
commit	1fd19685f1e39a19b8cb6129a96ab43ec717e01b (patch)
tree	002a9a2aac808aa370357a4cd19c8b5dbd2a0242 /config
parent	e87ed9b5fba5e60117216933239165d4d2ab56b6 (diff)
download	nextcloud-server-1fd19685f1e39a19b8cb6129a96ab43ec717e01b.tar.gz nextcloud-server-1fd19685f1e39a19b8cb6129a96ab43ec717e01b.zip