From 56f26f0ec8b2c6e35a89c0a9ac0845f8a235811c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 27 Jun 2022 12:07:40 -0700 Subject: [PATCH] mediawiki: try and adjust the throttling by default to avoid proxies hitting limits Signed-off-by: Kevin Fenzi --- roles/mediawiki/templates/LocalSettings.php.fp.j2 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2 index 176bbf4256..c09c6ec235 100644 --- a/roles/mediawiki/templates/LocalSettings.php.fp.j2 +++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2 @@ -648,6 +648,18 @@ $_SERVER['HTTP_HOST'] = 'fedoraproject.org'; $_SERVER['REQUEST_SCHEME'] = 'https'; $_SERVER['SERVER_PORT'] = 443; +# +# increase password/login attempts because we use memcached and someone could +# lock a proxy out by simply trying to login from that ip a bunch of times +# +$wgPasswordAttemptThrottle = [ + // Short term limit + [ 'count' => 500, 'seconds' => 300 ], + // Long term limit. We need to balance the risk + // of somebody using this as a DoS attack to lock someone + // out of their account, and someone doing a brute force attack. + [ 'count' => 1500, 'seconds' => 60 * 60 * 48 ], +]; # Looks like mediawiki is using undefined constants.... Let's shut that up error_reporting(E_ALL ^ E_NOTICE);