Flooding occurs when so many requests are sent to the server that it struggles to handle the load. Shopware restricts these requests according to the following rules.
Login:-
A user registered as a customer, guest, or admin user can try to log in 10 times before being delayed by the system.
- When a user attempts to log in after 10 failed logins, they have to wait 10 seconds before a new login.
- When a user attempts to log in after 15 failed logins, they have to wait 30 seconds before a new login.
- When a user attempts to log in after 20 failed logins, they have to wait 60 seconds before a new login.
Note:- After a successful login, or after 24 hours without a failed login, the limit is reset.
Contact form:-
Customers can send a limited number of questions before being delayed by the system.
- When a customer sends 3 contact forms, they have to wait 30 seconds before they can send the next form.
- When a customer sends 5 contact forms, they have to wait 60 seconds before they can send the next form.
- When a customer sends 10 contact forms, they have to wait 90 seconds before they can send the next form.
Note:- After 24 hours the limit is reset.
Password reset:-
Customers and admin users have 3 chances to reset their password before being delayed by the system.
- After 3 failed login attempts, the user needs to wait 30 seconds before trying to log in again.
- After 5 failed login attempts, it's 60 seconds before trying to log in again.
- After 10 failed login attempts, it's 90 seconds before trying to log in again.
Note:- After 24 hours the limit is reset.
Configuration:-
To activate or deactivate a function, copy the file vendor/shopware/core/Framework/Resources/config/packages/shopware.yaml to config/packages/shopware.yaml in your shop root directory and edit the copy. The file contains the following rate limiter keys:
- login: Storefront login for registered customers.
- guest_login: Storefront login for guest customers.
- oauth: Admin area login.
- reset_password: Storefront customer password reset.
- user_recovery: Admin area password reset.
- contact_form: Contact form.
The shopware.yaml file looks like this:
shopware:
    api:
        rate_limiter:
            login:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours' # reset limit after this time if no more requests failed
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            guest_login:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            oauth:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 10
                      interval: '10 seconds'
                    - limit: 15
                      interval: '30 seconds'
                    - limit: 20
                      interval: '60 seconds'
            reset_password:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'
            user_recovery:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'
            contact_form:
                enabled: true
                policy: 'time_backoff'
                reset: '24 hours'
                limits:
                    - limit: 3
                      interval: '30 seconds'
                    - limit: 5
                      interval: '60 seconds'
                    - limit: 10
                      interval: '90 seconds'
Note: You can disable a function by changing the corresponding line from enabled: true to enabled: false.
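When tuning these tiers it helps to know how many failed requests a policy still admits per day. The following is an added example, not code from Shopware or from this article: it models the time_backoff tiers as described above, and the function names and the assumption that a client retries the moment each delay expires are hypothetical.

```python
# Added example: models the 'time_backoff' tiers as this page describes them.
# It is not Shopware's implementation; all names below are hypothetical.
UNITS = {"second": 1, "minute": 60, "hour": 3600}

# Tier values copied from the shopware.yaml shown above.
LOGIN = [(10, "10 seconds"), (15, "30 seconds"), (20, "60 seconds")]
RESET_PASSWORD = [(3, "30 seconds"), (5, "60 seconds"), (10, "90 seconds")]


def parse_interval(text):
    """Convert an interval such as '30 seconds' or '24 hours' to seconds."""
    amount, unit = text.split()
    return int(amount) * UNITS[unit.rstrip("s")]


def delay_after(failures, tiers):
    """Wait imposed once `failures` failed requests have been counted."""
    delay = 0
    for limit, interval in sorted(tiers):
        if failures >= limit:
            delay = parse_interval(interval)
    return delay


def max_attempts(tiers, window="24 hours"):
    """Failed requests one client can make within `window` (assumption:
    it retries the moment each delay expires, so the reset never triggers)."""
    if not tiers or any(parse_interval(i) <= 0 for _, i in tiers):
        raise ValueError("need at least one tier with a positive interval")
    horizon = parse_interval(window)
    elapsed = failures = 0
    while elapsed <= horizon:
        failures += 1  # request made at time `elapsed` and counted as failed
        elapsed += delay_after(failures, tiers)
    return failures


if __name__ == "__main__":
    for name, tiers in (("login", LOGIN), ("reset_password", RESET_PASSWORD)):
        print(name, "max attempts in 24 hours:", max_attempts(tiers))
```

With the default tiers the highest interval dominates the result, so raising the last interval or adding a further tier has far more effect on the daily total than lowering the first limit.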