Module mod_ratelimit

Rate limiting of authentication tries and other types of requests.

Copyright © 2019 Driebit BV

Authors: Marc Worrell (marc@worrell.nl).

Description

Rate limiting of authentication tries and other types of requests. This follows the OWASP guidance at https://www.owasp.org/index.php/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies.

Function Index

init/1: Set up the mnesia tables for registering the event counters.
observe_auth_checked/2: Handle the result of the password authentication, register all failures.
observe_auth_logon/3: Authentication succeeded, set the device id cookie (if we have a username from auth_checked).
observe_auth_precheck/2: Check if rate limiting applies to this authentication request.
observe_auth_reset/2: Auth reset requested, register it against the device cookie.
observe_tick_6h/2: Prune logged auth events.

Function Details

init/1

init(Context) -> any()

Set up the mnesia tables for registering the event counters.

observe_auth_checked/2

observe_auth_checked(Auth_checked, Context) -> any()

Handle the result of the password authentication, register all failures.

observe_auth_logon/3

observe_auth_logon(Auth_logon, Context, X3) -> any()

Authentication succeeded, set the device id cookie (if we have a username from auth_checked).

observe_auth_precheck/2

observe_auth_precheck(Auth_precheck, Context) -> any()

Check if rate limiting applies to this authentication request.

observe_auth_reset/2

observe_auth_reset(Auth_reset, Context) -> any()

Auth reset requested, register it against the device cookie.

observe_tick_6h/2

observe_tick_6h(X1, Context) -> any()

Prune logged auth events.


Generated by EDoc