summaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2023-04-03 07:23:34 +0200
committerJoas Schilling <coding@schilljs.com>2023-04-03 09:06:45 +0200
commit454281af03fb0e917f0135cd6ce51fec5024a0b4 (patch)
tree74aa24a99725bd1fe7d40b9b48674840517fd20d /config
parentb5da85df3a83da23d13437d13486ceabc738fc24 (diff)
downloadnextcloud-server-454281af03fb0e917f0135cd6ce51fec5024a0b4.tar.gz
nextcloud-server-454281af03fb0e917f0135cd6ce51fec5024a0b4.zip
feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'config')
-rw-r--r--config/config.sample.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 19dcc66f279..e87dee087a3 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -302,7 +302,7 @@ $CONFIG = [
/**
* The interval at which token activity should be updated.
- * Increasing this value means that the last activty on the security page gets
+ * Increasing this value means that the last activity on the security page gets
* more outdated.
*
* Tokens are still checked every 5 minutes for validity
@@ -322,6 +322,15 @@ $CONFIG = [
'auth.bruteforce.protection.enabled' => true,
/**
+ * Whether the rate limit protection shipped with Nextcloud should be enabled or not.
+ *
+ * Disabling this is discouraged for security reasons.
+ *
+ * Defaults to ``true``
+ */
+'ratelimit.protection.enabled' => true,
+
+/**
* By default, WebAuthn is available, but it can be explicitly disabled by admins
*/
'auth.webauthn.enabled' => true,