Page MenuHomePhabricator

Disable login rate limiting in Wikispore
Closed, ResolvedPublic

Description

It's 1) broken because it sees the IP of the web proxy, not the IP of the user, 2) not useful anyway because Wikispore uses remote login. If Wikimedia SSO returns a user identity but we can't match it to a local user (e.g. because of username filters), that will be counted as a login failure, but it's not relevant for throttles meant to limit password guessing.

Event Timeline

Tgr moved this task from Backlog to Next-up on the Wikispore board.

This is a new issue I guess triggered by some update, it didn't affect us before.

More likely we just didn't hit the rate limit until now.

Tgr claimed this task.
Tgr moved this task from Next-up to Done on the Wikispore board.