|
DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
|
Per-peer brute-force lockout for HTTP auth (DETWS_ENABLE_AUTH_LOCKOUT). More...
#include "ServerConfig.h"Go to the source code of this file.
Per-peer brute-force lockout for HTTP auth (DETWS_ENABLE_AUTH_LOCKOUT).
Tracks consecutive failed authentications per source address in a fixed BSS table (no heap). The key is the full family-tagged address (DetIp), so an IPv4 and an IPv6 peer are always distinct buckets and no attacker can share or poison another address's state through a lossy hash collision. After DETWS_AUTH_LOCKOUT_THRESHOLD consecutive failures an address is locked out for DETWS_AUTH_LOCKOUT_BASE_MS, doubling on each further failure up to DETWS_AUTH_LOCKOUT_MAX_MS; a successful auth clears the address. Compiled only when DETWS_ENABLE_AUTH_LOCKOUT is set (the host unit tests enable it and drive it with a synthetic millisecond clock). An unspecified address (family DetIpFamily::DET_IP_NONE or all-zero) is untrackable and is never locked.
Definition in file auth_lockout.h.