nginx: relax admin rate limit to 60r/m burst=20 (was 10r/m burst=5)

This commit is contained in:
Pontoporeia
2026-03-02 15:46:31 +01:00
parent 1fb9644d5a
commit 5e1543e9a8


@@ -6,7 +6,10 @@
# Rate limiting zones
limit_req_zone $binary_remote_addr zone=general:10m rate=30r/m;
limit_req_zone $binary_remote_addr zone=search:10m rate=30r/m;
limit_req_zone $binary_remote_addr zone=admin:10m rate=10r/m;
# Admin: already protected by HTTP Basic Auth; rate limiting here only guards
# against brute-force on the auth layer, not normal browsing.
# 60r/m = 1r/s sustained, burst=20 covers rapid page navigation.
limit_req_zone $binary_remote_addr zone=admin:10m rate=60r/m;
# Main server block
server {
@@ -118,7 +121,7 @@ server {
auth_basic_user_file /etc/nginx/.htpasswd-posterg;
# Rate limiting for admin
limit_req zone=admin burst=5 nodelay;
limit_req zone=admin burst=20 nodelay;
# Content-Security-Policy - Tighter policy for admin
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none';" always;
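Review bot: With `limit_req zone=admin burst=20 nodelay;` at 60r/m, a single source IP can now send about 80 requests in the first minute and 60/min sustained, roughly 86k password guesses per day against the htpasswd realm, which is a sixfold weaker brute-force bound than before and the only lockout mechanism visible here, since `auth_basic` has none of its own. The new comment in the zone definition says the limit "guards against brute-force on the auth layer", but the limit is applied to every request regardless of auth outcome (limit_req runs before auth_basic, as far as I recall), so it cannot be tightened for failed attempts alone; I would either keep this relaxation only if the htpasswd credentials are known to be long random secrets, or pair it with log-based blocking of repeated 401s (fail2ban or equivalent) and say so in the comment, e.g. `# ~60 guesses/min per IP against htpasswd; repeated 401s are banned via fail2ban — do not relax further`. Note also that keying on `$binary_remote_addr` only bounds per-IP attempts and is meaningless if this server sits behind a proxy that is not forwarding the real client address (not visible in this hunk). The enclosing admin location block starts and ends outside the hunk.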