Hi,
According to the documentation rate limiting works when the user has been authenticated. It looks like this is not the case for the ldap-auth plugin. As a side effect i also see that when the user is successfully authenticated the logs show successful connection, but the user is anonymous “-”, example :
- user [18/Oct/2018:16:01:59 +0000] “GET /mypath HTTP/1.1” 403 49 “-” “curl/7.54.0”
- - [18/Oct/2018:16:02:26 +0000] “GET /mypath HTTP/1.1” 302 0 “-” “curl/7.54.0”
- - [18/Oct/2018:16:02:27 +0000] “GET /mypath/ HTTP/1.1” 200 40608 “-” “curl/7.54.0”
What is your recommendation, is that a bug or intentional ?
Regards,
Nikolay