Vaultwarden 1.2.4 released
-
I usually don't create a new topic for every new version anymore, but this announcement could be relevant for Cloudron:
Basic ratelimit for user login (including 2FA) and admin login
Could that interfere with the built-in rate limiting of Cloudron?
https://github.com/dani-garcia/vaultwarden/releases/tag/1.24.0 -
I don't think it is an issue, however essentially the more restrictive setting (Cloudron or app) will hit first. Looking at the changes at vaultwarden, their defaults are a lot more restrictive than the ones we have set in iptables as a generic default.
I also think this makes much sense. Some apps may require more stringent measures others don't. So while having a basic line of defense from the platform, the apps can add on top where applicable, since only they know which routes to protect more and which are for example just public routes which just have to be prevented from a denial of service attack.
