mediawiki: try and adjust the throttling by default to avoid proxies hitting limits

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-06-27 12:07:40 -07:00 · 2022-06-27 12:07:40 -07:00 · 56f26f0ec8
commit 56f26f0ec8
parent aa24d0b85b
1 changed files with 12 additions and 0 deletions
--- a/roles/mediawiki/templates/LocalSettings.php.fp.j2
+++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2
@ -648,6 +648,18 @@ $_SERVER['HTTP_HOST'] = 'fedoraproject.org';
 $_SERVER['REQUEST_SCHEME'] = 'https';
 $_SERVER['SERVER_PORT'] = 443;

+#
+# increase password/login attempts because we use memcached and someone could 
+# lock a proxy out by simply trying to login from that ip a bunch of times
+#
+$wgPasswordAttemptThrottle = [
+	// Short term limit
+	[ 'count' => 500, 'seconds' => 300 ],
+	// Long term limit. We need to balance the risk
+	// of somebody using this as a DoS attack to lock someone
+	// out of their account, and someone doing a brute force attack.
+	[ 'count' => 1500, 'seconds' => 60 * 60 * 48 ],
+];

 # Looks like mediawiki is using undefined constants.... Let's shut that up
 error_reporting(E_ALL ^ E_NOTICE);