github.com/letsencrypt/boulder@v0.20251208.0/test/rate-limit-policies.yml

github.com/letsencrypt/boulder@v0.20251208.0/test/rate-limit-policies.yml (about)

     1  # See cmd/shell.go for definitions of these rate limits.
     2  certificatesPerName:
     3    window: 2160h
     4    threshold: 2
     5    overrides:
     6      ratelimit.me: 1
     7      lim.it: 0
     8      # Hostnames used by the letsencrypt client integration test.
     9      le.wtf: 10000
    10      le1.wtf: 10000
    11      le2.wtf: 10000
    12      le3.wtf: 10000
    13      nginx.wtf: 10000
    14      bad-caa-reserved.com: 10000
    15      ecdsa.le.wtf: 10000
    16      must-staple.le.wtf: 10000
    17    registrationOverrides:
    18      101: 1000
    19  registrationsPerIP:
    20    window: 168h # 1 week
    21    threshold: 10000
    22    overrides:
    23      127.0.0.1: 1000000
    24  registrationsPerIPRange:
    25    window: 168h # 1 week
    26    threshold: 99999
    27    overrides:
    28      127.0.0.1: 1000000
    29  pendingAuthorizationsPerAccount:
    30    window: 168h # 1 week, should match pending authorization lifetime.
    31    threshold: 150
    32  invalidAuthorizationsPerAccount:
    33    window: 5m
    34    threshold: 3
    35  newOrdersPerAccount:
    36    window: 3h
    37    threshold: 1500
    38  certificatesPerFQDNSet:
    39    window: 168h
    40    threshold: 6
    41    overrides:
    42      le.wtf: 10000
    43      le1.wtf: 10000
    44      le2.wtf: 10000
    45      le3.wtf: 10000
    46      le.wtf,le1.wtf: 10000
    47      nginx.wtf: 10000
    48      ecdsa.le.wtf: 10000
    49      must-staple.le.wtf: 10000
    50  certificatesPerFQDNSetFast:
    51    window: 3h
    52    threshold: 2
    53    overrides:
    54      le.wtf: 100