In this article we explain how your system is protected from flooding. Flooding is caused by sending a high number of requests to server in such a manner that the server is struggling to handle the load. The system now restricts these requests according to the following rules.
Registered, guest- and admin users can try to login 10 times before being delayed by the system.
After a successful login or after 24 hours without a failed login the limit is reset.
The customer can send 3 contact forms in succession before being delayed by the system.
After 24 hours the limit is reset.
Storefront and admin users have 3 trys to reset there password before being delayed by the system.
After 24 hours the limit is reset.
In all new Shopware projects, there is only one lock.yaml file under config/packages/ in the installation. This can also be the case if you have carried out an update and the .yaml files under config/packages/ were not adjusted in the past.
If this is the case for you, you must create a new shopware.yaml file and insert the adjustments here!
There is no configuration located in the admin, to makes changes you need to copy the following file core /framework/resources/config/packages/shopware.yaml to your shop root directory unter config/packages/shopware.yaml, now you can edit the file in order to activate/deactivate a function.
You can disable a function by changing the corresponding line from enabled: true to enabled: false.
You can find the configuration in the shopware.yaml, this is what it looks like.
After the adjustment, php bin/console cache:clear
must be executed in the console for the changes to take effect.
shopware:
api:
rate_limiter:
login:
enabled: true
policy: 'time_backoff'
reset: '24 hours' # reset limit after this time if no more requests failed
limits:
- limit: 10
interval: '10 seconds'
- limit: 15
interval: '30 seconds'
- limit: 20
interval: '60 seconds'
guest_login:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 10
interval: '10 seconds'
- limit: 15
interval: '30 seconds'
- limit: 20
interval: '60 seconds'
oauth:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 10
interval: '10 seconds'
- limit: 15
interval: '30 seconds'
- limit: 20
interval: '60 seconds'
reset_password:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 3
interval: '30 seconds'
- limit: 5
interval: '60 seconds'
- limit: 10
interval: '90 seconds'
user_recovery:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 3
interval: '30 seconds'
- limit: 5
interval: '60 seconds'
- limit: 10
interval: '90 seconds'
contact_form:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 3
interval: '30 seconds'
- limit: 5
interval: '60 seconds'
- limit: 10
interval: '90 seconds'