docs: rateLimit defaults

2022-11-28 09:47:22 -05:00
parent a0d03667c5
commit c9bfdbb63c
1 changed files with 6 additions and 6 deletions
--- a/docs/production/preventing-abuse.mdx
+++ b/docs/production/preventing-abuse.mdx
@@ -18,12 +18,12 @@ Set the max number of failed login attempts before a user account is locked out

 To prevent DDoS, brute-force, and similar attacks, you can set IP-based rate limits so that once a certain threshold of requests has been hit by a single IP, further requests from the same IP will be ignored. The Payload config `rateLimit` property accepts an object with the following properties:

-| Option                       | Description  |
-| ---------------------------- | -------------|
-| **`window`**                 | Time in milliseconds to track requests per IP |
-| **`max`**                    | Number of requests served from a single IP before limiting |
-| **`skip`**                   | Express middleware function that can return true (or promise resulting in true) that will bypass limit |
-| **`trustProxy`**             | True or false, to enable to allow requests to pass through a proxy such as a load balancer or an `nginx` reverse proxy |
+| Option                       | Description |
+| ---------------------------- | ----------- |
+| **`window`**                 | Time in milliseconds to track requests per IP. Defaults to `90000` (15 minutes). |
+| **`max`**                    | Number of requests served from a single IP before limiting. Defaults to `500`. |
+| **`skip`**                   | Express middleware function that can return true (or promise resulting in true) that will bypass limit. |
+| **`trustProxy`**             | True or false, to enable to allow requests to pass through a proxy such as a load balancer or an `nginx` reverse proxy. |

 <Banner type="warning">
  <strong>Warning:</strong><br/>