How To Prevent Flooding In Shopware 6?

Flooding In Shopware 6

Flooding occurs when so many requests are sent to a server that it struggles to handle the load. Shopware restricts these requests according to the following rules.

Login:-

A user registered as a customer, guest, or admin user can try to log in 10 times before being delayed by the system.

  • After 10 failed logins, the user has to wait 10 seconds before a new login attempt.
  • After 15 failed logins, the user has to wait 30 seconds before a new login attempt.
  • After 20 failed logins, the user has to wait 60 seconds before a new login attempt.

Note:- After a successful login or after 24 hours without a failed login the limit is reset.

Contact form:-

Customers can send a limited number of questions before being delayed by the system.

  • After sending 3 contact forms, a customer has to wait 30 seconds before sending the next form.
  • After sending 5 contact forms, a customer has to wait 60 seconds before sending the next form.
  • After sending 10 contact forms, a customer has to wait 90 seconds before sending the next form.

Note:- After 24 hours the limit is reset.

Password reset:-

Customers and admin users have 3 chances to reset their password before being delayed by the system.

  • After 3 failed login attempts the user needs to wait 30 seconds before trying to log in again.
  • After 5 failed login attempts it’s 60 seconds before trying to log in again.
  • After 10 failed login attempts it’s 90 seconds before trying to log in again.

Note:- After 24 hours the limit is reset.

Configuration:-

To activate or deactivate a function, copy the file vendor/shopware/core/Framework/Resources/config/packages/shopware.yaml to config/packages/shopware.yaml in your shop root directory and edit the copy. The file contains the following rate limiters:

  • login: Storefront login for registered customers.
  • guest_login: Storefront login for guest customers.
  • oauth: Admin area login.
  • reset_password: Storefront customer password reset.
  • user_recovery: Admin area password reset.
  • contact_form: Contact form.

The shopware.yaml file looks like this:

shopware:
    api:
        rate_limiter:
            login:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours' # reset limit after this time if no more requests failed
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            guest_login:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            oauth:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            reset_password:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'
            user_recovery:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'
            contact_form:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'

Note: You can disable a function by changing the corresponding line from enabled: true to enabled: false.
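
To judge whether these tiers are strict enough for your shop, it helps to work out how many failed attempts a single rate-limit counter still lets through. The following is an added example, not Shopware code: it models the time_backoff tiers as this article describes them, with hypothetical function names, and assumes every attempt fails (so the 24-hour reset never triggers) and that requests themselves take no time.

```python
# Added example: models the time_backoff tiers as this page describes them.
# It is not Shopware's implementation; function names are hypothetical.

# (limit, interval in seconds) pairs copied from the shopware.yaml shown above.
LOGIN = [(10, 10), (15, 30), (20, 60)]         # login, guest_login, oauth
RESET_PASSWORD = [(3, 30), (5, 60), (10, 90)]  # reset_password, user_recovery, contact_form


def delay_after(failures, limits):
    """Seconds to wait before the next attempt once `failures` attempts were counted."""
    delay = 0
    for limit, interval in sorted(limits):
        if failures >= limit:
            delay = interval  # the highest tier reached wins
    return delay


def total_wait(attempts, limits):
    """Minimum enforced waiting time to make `attempts` counted attempts in a row."""
    return sum(delay_after(done, limits) for done in range(attempts))


def attempts_within(window_seconds, limits):
    """Most consecutive counted attempts one counter allows inside the window.

    Returns None when there are no tiers, which models `enabled: false`:
    the limiter no longer bounds the number of attempts at all.
    """
    if not limits:
        return None
    elapsed = attempts = 0
    while elapsed + delay_after(attempts, limits) <= window_seconds:
        elapsed += delay_after(attempts, limits)
        attempts += 1
    return attempts


if __name__ == "__main__":
    day = 24 * 60 * 60
    for name, limits in (("login", LOGIN), ("reset_password", RESET_PASSWORD)):
        print(name, "attempts per 24 h:", attempts_within(day, limits))
    print("disabled limiter:", attempts_within(day, []))
```

Under this model the default login tiers still allow well over a thousand guesses per day per counter, so the limiter slows guessing rather than stopping it; strong passwords and monitoring of repeated failures remain necessary.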
