From 676971e699a688b23e1b0f223bedca8b42c430c7 Mon Sep 17 00:00:00 2001 From: umut Date: Wed, 8 Apr 2026 15:57:39 +0200 Subject: [PATCH 1/3] docs: Add documentation for per-user and per-IP rate limiters --- guides/hosting/infrastructure/rate-limiter.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/guides/hosting/infrastructure/rate-limiter.md b/guides/hosting/infrastructure/rate-limiter.md index d0c17b6cdb..0490595c1a 100644 --- a/guides/hosting/infrastructure/rate-limiter.md +++ b/guides/hosting/infrastructure/rate-limiter.md @@ -36,7 +36,6 @@ In the following, you can find a list of the default limiters: - `reset_password`: Storefront / Store-API customer password reset. - `user_recovery`: Administration user password recovery. - `contact_form`: Storefront / Store-API contact form. - ```yaml // /config/packages/shopware.yaml shopware: @@ -55,6 +54,15 @@ shopware: interval: '60 seconds' ``` +::: info +The following optional limiters are available starting with Shopware 6.7.10.0. +::: +- `login_user`: Storefront / Store-API customer authentication per email address, regardless of IP. +- `login_client`: Storefront / Store-API customer authentication per IP address, regardless of email. +- `oauth_user`: API oauth authentication / Administration login per username, regardless of IP. +- `oauth_client`: API oauth authentication / Administration login per IP address, regardless of username. + + ### Configuring time backoff policy The `time_backoff` policy is built by Shopware itself. It enables you to throttle the request in multiple steps with different waiting times. From 7af8aa6c2683bd293be8524fda114d14438be786 Mon Sep 17 00:00:00 2001 From: umut Date: Wed, 8 Apr 2026 16:00:37 +0200 Subject: [PATCH 2/3] cs fix --- guides/hosting/infrastructure/rate-limiter.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guides/hosting/infrastructure/rate-limiter.md b/guides/hosting/infrastructure/rate-limiter.md index 0490595c1a..5fe0d92d5c 100644 --- a/guides/hosting/infrastructure/rate-limiter.md +++ b/guides/hosting/infrastructure/rate-limiter.md @@ -36,6 +36,7 @@ In the following, you can find a list of the default limiters: - `reset_password`: Storefront / Store-API customer password reset. - `user_recovery`: Administration user password recovery. - `contact_form`: Storefront / Store-API contact form. + ```yaml // /config/packages/shopware.yaml shopware: From 0e340cb73de4a3e1b865739826d35481a5cbcd17 Mon Sep 17 00:00:00 2001 From: umut Date: Wed, 8 Apr 2026 16:20:29 +0200 Subject: [PATCH 3/3] Fix markdown linting errors in rate limiter docs --- guides/hosting/infrastructure/rate-limiter.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/hosting/infrastructure/rate-limiter.md b/guides/hosting/infrastructure/rate-limiter.md index 5fe0d92d5c..68af7f3ed7 100644 --- a/guides/hosting/infrastructure/rate-limiter.md +++ b/guides/hosting/infrastructure/rate-limiter.md @@ -58,12 +58,12 @@ shopware: ::: info The following optional limiters are available starting with Shopware 6.7.10.0. ::: + - `login_user`: Storefront / Store-API customer authentication per email address, regardless of IP. - `login_client`: Storefront / Store-API customer authentication per IP address, regardless of email. - `oauth_user`: API oauth authentication / Administration login per username, regardless of IP. - `oauth_client`: API oauth authentication / Administration login per IP address, regardless of username. - ### Configuring time backoff policy The `time_backoff` policy is built by Shopware itself. It enables you to throttle the request in multiple steps with different waiting times.