Symfony Rate Limiter
With this Shopware version, we implemented the Symfony Rate Limiter component, as a first step to protect the forms in the application against brute-force attacks, AKA "fail2ban" behaviour. We secured the following forms by default:
Storefront customer login
Storefront password reset
Contact form
Admin panel login
Admin password reset
With a simple YAML file, this feature's policy can be configured to limit by number of attempts or by time, for example fixed window, token bucket etc. Please see policies for more details.
In the shop, it behaves like this: once the limit is triggered after x requests, the user receives a message stating that the limit has been exceeded and how long to wait until the next request will be processed normally.
The best part: you can use this component in your plugins, apps or other extensions as well. Intrigued to read more about it? Here is our documentation: limiter-to-api-route.
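The behaviour described above, sketched with the Symfony RateLimiter component used directly. This is an added example, not Shopware's own code or configuration. It assumes `composer require symfony/rate-limiter`; the limiter id, key, limits and intervals are constructed sample values.

```php
<?php
// Added illustration, not Shopware code. Assumes: composer require symfony/rate-limiter
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\RateLimiter\Storage\InMemoryStorage;

// Constructed policies; limits and intervals are sample values, not Shopware defaults.
$policies = [
    'fixed_window' => ['policy' => 'fixed_window', 'limit' => 3, 'interval' => '15 minutes'],
    'token_bucket' => [
        'policy' => 'token_bucket',
        'limit'  => 3,                                          // burst size
        'rate'   => ['interval' => '5 minutes', 'amount' => 1], // refill: 1 token per 5 minutes
    ],
];

/**
 * Send $attempts requests for one limiter key and return the outcome of each.
 */
function simulateAttempts(array $config, string $key, int $attempts): array
{
    // 'example_login' is a hypothetical limiter id; InMemoryStorage keeps state for this run only.
    $factory = new RateLimiterFactory(['id' => 'example_login'] + $config, new InMemoryStorage());
    $limiter = $factory->create($key);
    $results = [];
    for ($i = 1; $i <= $attempts; $i++) {
        $limit = $limiter->consume(1);
        if ($limit->isAccepted()) {
            $results[] = sprintf('attempt %d: processed (%d left)', $i, $limit->getRemainingTokens());
            continue;
        }
        // Rejected: report the waiting period until a request is accepted again.
        $wait = max(0, $limit->getRetryAfter()->getTimestamp() - time());
        $results[] = sprintf('attempt %d: limit exceeded, retry in %d s', $i, $wait);
    }
    return $results;
}

// Constructed key: account plus client address. What goes into the key is this example's choice.
$key = hash('sha256', 'customer@example.com|192.0.2.10');

foreach ($policies as $name => $config) {
    echo $name, PHP_EOL;
    foreach (simulateAttempts($config, $key, 5) as $line) {
        echo '  ', $line, PHP_EOL;
    }
}
```

With both sample policies the first three attempts are processed and the rest are rejected. The waiting period differs: the fixed window reopens when the 15-minute window ends, while the token bucket accepts one further attempt per refill interval.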