Throttler

class OC\Security\Bruteforce\Throttler
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)

This is based on Paragonie’s AirBrake for Airship CMS. You can find the original
Source:lib/private/Security/Bruteforce/Throttler.php#56

Properties

Methods

public OC\Security\Bruteforce\Throttler::__construct($db, $timeFactory, $logger, $config)
Source:

lib/private/Security/Bruteforce/Throttler.php#77

Parameters:
public OC\Security\Bruteforce\Throttler::registerAttempt($action, $ip, $metadata=[])
Register a failed attempt to bruteforce a security control
Source:

lib/private/Security/Bruteforce/Throttler.php#119

Parameters:
  • $action (string)
  • $ip (string)
  • $metadata (array) Optional metadata logged to the database
public OC\Security\Bruteforce\Throttler::getAttempts($ip, $action="", $maxAgeHours=12)
Get the throttling delay (in milliseconds)
Source:

lib/private/Security/Bruteforce/Throttler.php#228

Parameters:
  • $ip (string)
  • $action (string) optionally filter by action
  • $maxAgeHours (float)
Returns:

int

public OC\Security\Bruteforce\Throttler::getDelay($ip, $action="")
Get the throttling delay (in milliseconds)
Source:

lib/private/Security/Bruteforce/Throttler.php#269

Parameters:
  • $ip (string)
  • $action (string) optionally filter by action
Returns:

int

public OC\Security\Bruteforce\Throttler::resetDelay($ip, $action, $metadata)
Reset the throttling delay for an IP address, action and metadata
Source:

lib/private/Security/Bruteforce/Throttler.php#295

Parameters:
  • $ip (string)
  • $action (string)
  • $metadata (array)
public OC\Security\Bruteforce\Throttler::resetDelayForIP($ip)
Reset the throttling delay for an IP address
Source:

lib/private/Security/Bruteforce/Throttler.php#318

Parameters:
  • $ip (string)
public OC\Security\Bruteforce\Throttler::sleepDelay($ip, $action="")
Will sleep for the defined amount of time
Source:

lib/private/Security/Bruteforce/Throttler.php#336

Parameters:
  • $ip (string)
  • $action (string) optionally filter by action
Returns:

int the time spent sleeping

public OC\Security\Bruteforce\Throttler::sleepDelayOrThrowOnMax($ip, $action="")
Will sleep for the defined amount of time unless maximum was reached in the last 30 minutes
In this case a “429 Too Many Request” exception is thrown
Source:

lib/private/Security/Bruteforce/Throttler.php#351

Parameters:
  • $ip (string)
  • $action (string) optionally filter by action
Returns:

int the time spent sleeping

Throws:

\OCP\Security\Bruteforce\MaxDelayReached when reached the maximum