Add a way to configure challenge attempt ratelimiting (#2024)

* Allow submissions per minute ratelimit to be configurable * Closes #2014
2025-12-17 14:04:20 +01:00 · 2021-11-22 17:16:21 -05:00
parent a0783c334c
commit afb1a54e9b
3 changed files with 15 additions and 1 deletions
--- a/CTFd/api/v1/challenges.py
+++ b/CTFd/api/v1/challenges.py
@@ -622,7 +622,8 @@ class ChallengeAttempt(Resource):
        # Anti-bruteforce / submitting Flags too quickly
        kpm = current_user.get_wrong_submissions_per_minute(user.account_id)
-        if kpm > 10:
+        kpm_limit = int(get_config("incorrect_submissions_per_min", default=10))
        if kpm > kpm_limit:
            if ctftime():
                chal_class.fail(
                    user=user, team=team, challenge=challenge, request=request
--- a/CTFd/forms/config.py
+++ b/CTFd/forms/config.py
@@ -69,6 +69,11 @@ class AccountSettingsForm(BaseForm):
        choices=[("true", "Enabled"), ("false", "Disabled")],
        default="true",
    )
    incorrect_submissions_per_min = IntegerField(
        "Incorrect Submissions per Minute",
        widget=NumberInput(min=1),
        description="Amount of submissions allowed per minute for flag bruteforce protection (default: 10)",
    )
    submit = SubmitField("Update")
--- a/CTFd/themes/admin/templates/configs/accounts.html
+++ b/CTFd/themes/admin/templates/configs/accounts.html
@@ -54,6 +54,14 @@
 			</small>
 		</div>
 		<div class="form-group">
 			{{ form.incorrect_submissions_per_min.label }}
 			{{ form.incorrect_submissions_per_min(class="form-control", value=incorrect_submissions_per_min) }}
 			<small class="form-text text-muted">
 				{{ form.incorrect_submissions_per_min.description }}
 			</small>
 		</div>
 		<div class="form-group">
 			{{ form.name_changes.label }}
 			{{ form.name_changes(class="form-control custom-select") }}