khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 02:09:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Update bruteforce_configuration.rst: Drop feature history

Browse Source 
Signed-off-by: Josh <josh.t.richards@gmail.com>
This commit is contained in:
Josh
2024-02-17 12:33:14 -05:00
committed by GitHub
parent 08b9d4a09b
commit 7e503a2c12
1 changed files with 0 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
admin_manual/configuration_server/bruteforce_configuration.rst
View File

@@ -155,42 +155,3 @@ It's possible to exclude IP addresses from the brute force protection.
Any excluded IP address can perform authentication attempts without any throttling.
It's best to exclude as few IP addresses as you can, or even none at all.
Additional Details
------------------
Feature History
~~~~~~~~~~~~~~~
(Notable)
* Server 10.0:
- Added: Initial implementation
* Server 12.0:
- Fixed: Disregard existing recent attempts immediately if BPF is disabled manually
- Added: Admin security settings section for managing some parameters (via the ``bruteforcesettings`` shipped app)
- Added: Enable the admin to exclude IP addresses from throttling (via the ``bruteforcesettings`` shipped app)
* Server 13.0
- Changed: Reset bruteforce attempts upon successful login (only the entries associated with that user from that IP)
* Server 14.0
- Fixed: Avoid unintentional client authentication timeouts (for well behaving clients)
* Server 15.0
- Changed: Reset bruteforce attempts upon successful token refresh when using OAuth
* Server 18.0
- Fixed: Handle scoped IPv6 addresses
* Server 20.0
- Changed: When maximum delay is reached and maximum attempts permitted have been exceeded within the past 30 minutes, return "429 Too Many Requests" until no longer the true
- Added: ``occ`` command to reset bruteforce attempts for an IP (``occ security:bruteforce:reset``)
* Server 21.0
- Added: Once a day cronjob added to cleanup stale attempt entries
- Changed: Delete all entries >48 hours old
* Server 24.0
- Added: Logging of throttling or blocking (info level)
* Server 28.0
- Fixed: Reset bruteforce attempts upon successful sudo attempt
- Added: Memcache based backend
- Added: Show admins when they are throttled (via standard setup checks)
- Added: Show current user throttling status (via the ``bruteforcesettings`` app)
* Server 29.0
- Fixed: Don't throw a "500 Internal Server Error" when MaxDelayReached; instead return a "429 Too Many Requests"
- Fixed: Prevent setting empty IP masks when adding an exclusion (in the ``bruteforcesetting`` app)