From a15d877ba8e12ba6659aad69d63b8b73256144ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 11 Nov 2015 12:53:43 -0500
Subject: [PATCH] Added brute-force attack prevention via login rate limit (#1490566)

---
 config/defaults.inc.php |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/config/defaults.inc.php b/config/defaults.inc.php
index 40486c5..4339523 100644
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -386,6 +386,10 @@
 // Example: '/^[a-z0-9_@.-]+$/'
 $config['login_username_filter'] = null;
 
+// Brute-force attacks prevention.
+// The value specifies maximum number of failed logon attempts per minute.
+$config['login_rate_limit'] = 3;
+
 // Includes should be interpreted as PHP files
 $config['skin_include_php'] = false;
 

--
Gitblit v1.9.1