import/export: always rate limit import and exports

This is a departure from previous versions, which did not limit import/export
requests. Now such requests are ALWAYS rate limited. The default is 10 requests
per IP every 90 seconds, and also applies to old instances upgraded to 1.8.3.

Administrators can tune the parameters via settings.importExportRateLimiting.
John McLear 2020-04-04 20:39:33 +00:00 committed by muxator
parent 24ee37a38f
commit c9d55c81a3
6 changed files with 67 additions and 0 deletions

@ -305,6 +305,23 @@ exports.scrollWhenFocusLineIsOutOfViewport = {
*/
exports.exposeVersion = false;
/*
* From Etherpad 1.8.3 onwards, import and export of pads is always rate
* limited.
*
* The default is to allow at most 10 requests per IP in a 90 seconds window.
* After that the import/export request is rejected.
*
* See https://github.com/nfriedly/express-rate-limit for more options
*/
exports.importExportRateLimiting = {
// duration of the rate limit window (milliseconds)
"windowMs": 90000,
// maximum number of requests per IP to allow during the rate limit window
"max": 10
};
/*
* From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
* file is always bounded.
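Review bot: the comment above exports.importExportRateLimiting promises a limit "per IP" but does not say which address is counted when the instance runs behind a reverse proxy. express-rate-limit keys on req.ip by default, so unless Express is set to trust the proxy, every client is seen with the proxy's address and the default of "max": 10 per "windowMs": 90000 turns into one shared bucket: legitimate imports and exports get rejected and the limit is no longer per client. Suggest adding a sentence to the comment that states how the client address is determined and what has to be configured in proxied deployments. The "See ... for more options" line also implies the whole object is handed to the limiter; say so explicitly, or list the supported keys, so administrators know whether other express-rate-limit options are honoured.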