From c9bfdbb63c7253be9c097b0a300fd1bb29373fee Mon Sep 17 00:00:00 2001 From: Jacob Fletcher Date: Mon, 28 Nov 2022 09:47:22 -0500 Subject: [PATCH] docs: rateLimit defaults --- docs/production/preventing-abuse.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/production/preventing-abuse.mdx b/docs/production/preventing-abuse.mdx index 8b1b9ca820..5cc0b7dbc0 100644 --- a/docs/production/preventing-abuse.mdx +++ b/docs/production/preventing-abuse.mdx @@ -18,12 +18,12 @@ Set the max number of failed login attempts before a user account is locked out To prevent DDoS, brute-force, and similar attacks, you can set IP-based rate limits so that once a certain threshold of requests has been hit by a single IP, further requests from the same IP will be ignored. The Payload config `rateLimit` property accepts an object with the following properties: -| Option | Description | -| ---------------------------- | -------------| -| **`window`** | Time in milliseconds to track requests per IP | -| **`max`** | Number of requests served from a single IP before limiting | -| **`skip`** | Express middleware function that can return true (or promise resulting in true) that will bypass limit | -| **`trustProxy`** | True or false, to enable to allow requests to pass through a proxy such as a load balancer or an `nginx` reverse proxy | +| Option | Description | +| ---------------------------- | ----------- | +| **`window`** | Time in milliseconds to track requests per IP. Defaults to `90000` (15 minutes). | +| **`max`** | Number of requests served from a single IP before limiting. Defaults to `500`. | +| **`skip`** | Express middleware function that can return true (or promise resulting in true) that will bypass limit. | +| **`trustProxy`** | True or false, to enable to allow requests to pass through a proxy such as a load balancer or an `nginx` reverse proxy. | Warning: