From bd7e1188550d67ba4029f8c3e0222c42e9fb5534 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 14 Sep 2022 12:50:13 -0700
Subject: [PATCH] mediawiki: try disabling loginattemptthrottle entirely
Sometimes folks are unable to login to the wiki because there have been too many login attempts from the proxy they happen to be hitting the wiki from. Lets just disable this throttle entirely, as brute force won't work ever anyhow.
Signed-off-by: Kevin Fenzi
---
 roles/mediawiki/templates/LocalSettings.php.fp.j2 | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2
index c09c6ec235..d44b8e673c 100644
--- a/roles/mediawiki/templates/LocalSettings.php.fp.j2
+++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2
@@ -648,18 +648,9 @@ $_SERVER['HTTP_HOST'] = 'fedoraproject.org';
 $_SERVER['REQUEST_SCHEME'] = 'https';
 $_SERVER['SERVER_PORT'] = 443;
-#
-# increase password/login attempts because we use memcached and someone could
-# lock a proxy out by simply trying to login from that ip a bunch of times
-#
-$wgPasswordAttemptThrottle = [
- // Short term limit
- [ 'count' => 500, 'seconds' => 300 ],
- // Long term limit. We need to balance the risk
- // of somebody using this as a DoS attack to lock someone
- // out of their account, and someone doing a brute force attack.
- [ 'count' => 1500, 'seconds' => 60 * 60 * 48 ],
-];
+# do not bother to throttle login attempts
+# users MUST have a valid OIDC token so brute force will get them nowhere.
+$wgPasswordAttemptThrottle = false;
 # Looks like mediawiki is using undefined constants.... Let's shut that up
 error_reporting(E_ALL ^ E_NOTICE);
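Review bot: The justification in the new comment above `$wgPasswordAttemptThrottle = false;` rests on configuration this hunk does not show: it says every login needs a valid OIDC token, but nothing visible here confirms that password-based login paths are switched off. If bot passwords or any local-password provider are still enabled elsewhere in the template (for example via `$wgEnableBotPasswords`), those attempts would now be unthrottled too, and all attempt limiting and failed-login alerting falls to the OIDC provider. I would state that dependency in the comment, for example `# Throttle disabled: local-password and bot-password login must stay off; attempt limiting is enforced by the OIDC provider.` The lockouts described in the commit message appear to come from attempts being counted against the proxy address, so passing the real client IP through to MediaWiki may be a narrower fix than `false`; that is inferred from the message, not shown by the diff.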