eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f2c73cdc45478f5aa6fc4c3fc315e0eb503174fd
ocis/services/storage-publiclink
History
Martin Mattel 64989451aa remove textblock on request
2026-01-23 14:39:09 +01:00
..
cmd/storage-publiclink
only register signal handling once
2024-07-29 16:28:13 +02:00
pkg
adding doc related content
2026-01-23 13:52:03 +01:00
Makefile
rename folder extensions -> services
2022-06-27 14:05:36 +02:00
README.md
remove textblock on request
2026-01-23 14:39:09 +01:00

README.md

storage-publiclink

Brute Force Protection

The brute force protection will prevent access to public links if wrong passwords are entered. The implementation is very similar to a rate limiter, but taking into account only wrong password attempts.

By default, you're allowed a maximum of 5 failed attempts in 1 hour:

  • STORAGE_PUBLICLINK_BRUTEFORCE_MAXATTEMPTS=5
  • STORAGE_PUBLICLINK_BRUTEFORCE_TIMEGAP=1h

You can adjust those values to your liking in order to define the failure rate threshold (5 failures per hour, by default).

If the failure rate threshold is exceeded, the public link will be blocked until such rate goes below the threshold. This means that it will remain blocked for an undefined time: a couple of seconds in the best case, or up to STORAGE_PUBLICLINK_BRUTEFORCE_TIME in the worst case.

If the public link is blocked by the brute force protection, it will be blocked for all the users.

As said, this feature is enabled by default, with a 5 failures per hour rate. If you want to disable this feature, set the related configuration values to 0.

Reference in New Issue View Git Blame Copy Permalink