How To Prevent Flooding In Shopware 6
Although Shopware 6 is protected from flooding by default, you can apply different techniques to make your e-commerce website more secure. In this article, we explain what flooding is. After that, you will learn how the system is protected and find out how to save your Shopware 6 website from flooding. Other useful tips on how to work with your e-commerce website are available here: Shopware Cookbook.
Note that we provide Shopware integration with external platforms. Contact our support for further information or try our Improved Import, Export & Mass Actions.
Table of contents
- 1 Flooding Defined
- 2 Basic Flood Attack Protection Techniques
- 3 How To Prevent Flooding In Shopware 6
- 4 Shopware 6 Essentials FAQ
- 4.1 How to create a Shopware account?
- 4.2 What about a Shopware ID?
- 4.3 What is Shopware master data?
- 4.4 How to add a new Shopware shop?
- 4.5 How to add a payment method to your Shopware account?
- 4.6 How to create a deposit in Shopware?
- 4.7 How to purchase Shopware extensions?
- 4.8 How to get support in Shopware?
- 4.9 How to automate import and export processes in Shopware 6?
- 4.10 How to migrate to Shopware 6?
- 4.11 How to integrate Shopware 6 with external systems?
Flooding Defined
Flooding, also called a flood attack or Denial of Service (DoS) attack, is a type of attack on a website in which attackers send a very high volume of traffic to a system (server) so that it cannot handle the load.
Basic Flood Attack Protection Techniques
Luckily, Shopware knows how to deal with flood attacks. The system restricts malevolent requests with the help of the following flood attack protection techniques.
Login
Shopware prevents flooding on login pages by limiting the number of login attempts for registered, guest, and admin users. They can make 10 failed login attempts before the system starts delaying them.
- 10 failed login attempts lead to a 10-second delay before a new login attempt;
- 15 failed login attempts lead to a 30-second delay before a new login attempt;
- 20 failed login attempts lead to a 60-second delay before a new login attempt.
Note that Shopware resets the limit after a successful login or 24 hours without a failed login.
Contact form
Shopware prevents flooding on a contact form since customers can send a limited number of inquiries before being delayed by the system.
- 3 inquiries lead to a 30-second delay;
- 5 inquiries lead to a 60-second delay;
- 10 inquiries lead to a 90-second delay.
Shopware resets the limit after 24 hours.
Password reset
Storefront and admin users have 3 attempts to reset their password before Shopware delays them:
- 3 password reset attempts lead to a 30-second delay before a new attempt;
- 5 password reset attempts lead to a 60-second delay before a new attempt;
- 10 password reset attempts lead to a 90-second delay before a new attempt.
Shopware resets the limit after 24 hours.
Storefront
On a storefront, a customer sees the following alert:
How To Prevent Flooding In Shopware 6
Shopware 6 lets you edit the above rules to make your e-commerce website even more secure. However, you won’t find a corresponding configuration section in the administration. Instead, apply your changes to the copy of the /framework/resources/config/packages/shopware.yaml file saved in your shop root directory under config/packages/shopware.yaml. The following core sections are available in the file:
- login – flooding prevention for storefront login for registered customers;
- guest_login – flooding prevention for storefront login for guests;
- oauth – flooding prevention for admin area login;
- reset_password – flooding prevention for storefront customer password reset;
- user_recovery – flooding prevention for admin area password reset;
- contact_form – flooding prevention for contact form.
You can apply custom limits and intervals. Also, it is possible to disable each function by replacing “enabled: true” with “enabled: false”.
The default configuration of flood attack prevention in Shopware 6 looks as follows:
```yaml
shopware:
  api:
    rate_limiter:
      login:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours' # reset limit after this time if no more requests failed
        limits:
          - limit: 10
            interval: '10 seconds'
          - limit: 15
            interval: '30 seconds'
          - limit: 20
            interval: '60 seconds'
      guest_login:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours'
        limits:
          - limit: 10
            interval: '10 seconds'
          - limit: 15
            interval: '30 seconds'
          - limit: 20
            interval: '60 seconds'
      oauth:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours'
        limits:
          - limit: 10
            interval: '10 seconds'
          - limit: 15
            interval: '30 seconds'
          - limit: 20
            interval: '60 seconds'
      reset_password:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours'
        limits:
          - limit: 3
            interval: '30 seconds'
          - limit: 5
            interval: '60 seconds'
          - limit: 10
            interval: '90 seconds'
      user_recovery:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours'
        limits:
          - limit: 3
            interval: '30 seconds'
          - limit: 5
            interval: '60 seconds'
          - limit: 10
            interval: '90 seconds'
      contact_form:
        enabled: true
        policy: 'time_backoff'
        reset: '24 hours'
        limits:
          - limit: 3
            interval: '30 seconds'
          - limit: 5
            interval: '60 seconds'
          - limit: 10
            interval: '90 seconds'
```
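Before deploying a customized file, it helps to check that no limiter ended up disabled or weaker than the defaults. The Python sketch below is an added example, not code from Shopware or from the original article: it models the delay tiers as this article lists them and compares an override against them. DEFAULTS is transcribed from the default configuration; OVERRIDE is constructed sample data standing in for the parsed rate_limiter section of config/packages/shopware.yaml, and all function names are hypothetical.

```python
import re

UNITS = {"second": 1, "minute": 60, "hour": 3600}
# Default tiers transcribed from the configuration shown in the article.
LOGIN = [{"limit": 10, "interval": "10 seconds"},
         {"limit": 15, "interval": "30 seconds"},
         {"limit": 20, "interval": "60 seconds"}]
FORM = [{"limit": 3, "interval": "30 seconds"},
        {"limit": 5, "interval": "60 seconds"},
        {"limit": 10, "interval": "90 seconds"}]
DEFAULTS = {"login": LOGIN, "guest_login": LOGIN, "oauth": LOGIN,
            "reset_password": FORM, "user_recovery": FORM, "contact_form": FORM}

def seconds(text):
    """Convert an interval string such as '30 seconds' to seconds."""
    m = re.fullmatch(r"(\d+) (second|minute|hour)s?", text.strip())
    if not m:
        raise ValueError(f"unsupported interval: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def delay_after(limits, failures):
    """Delay of the highest tier reached, following the article's tier lists."""
    reached = [t for t in limits if failures >= t["limit"]]
    return seconds(max(reached, key=lambda t: t["limit"])["interval"]) if reached else 0

def audit(rate_limiter):
    """Return (limiter, finding) pairs where an override is weaker than the default."""
    findings = []
    for name, default in DEFAULTS.items():
        cfg = rate_limiter.get(name, {})  # assumption: an absent section keeps its default
        if not cfg.get("enabled", True):
            findings.append((name, "disabled"))
            continue
        limits = cfg.get("limits", default)
        top = max(t["limit"] for t in default + limits)
        for n in range(1, top + 1):
            got, want = delay_after(limits, n), delay_after(default, n)
            if got < want:
                findings.append((name, f"{got}s delay after {n} failures, default is {want}s"))
                break
    return findings

# Constructed sample: the rate_limiter section of an override file after YAML parsing.
OVERRIDE = {
    "login": {"enabled": True, "limits": [{"limit": 5, "interval": "30 seconds"},
                                          {"limit": 10, "interval": "5 minutes"}]},
    "oauth": {"enabled": True, "limits": [{"limit": 50, "interval": "10 seconds"}]},
    "contact_form": {"enabled": False},
}
print(audit(OVERRIDE))
```

In this sample the stricter login tiers pass, while the admin login (oauth) and the contact form are reported.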
Shopware 6 Essentials FAQ
How to create a Shopware account?
Creating a Shopware account is a basic step required to run your e-commerce business. The process looks as follows: visit the registration page, hit the Register Now link, and fill in the form to create a new account. After receiving a confirmation email, follow the instructions provided in it.
What about a Shopware ID?
You will get your Shopware ID automatically upon registration.
What is Shopware master data?
Shopware master data is all the information about your company and business, such as physical addresses, phone numbers, and emails, stored in your admin.
How to add a new Shopware shop?
It is possible to add a shop to your Shopware account in your merchant area. Hit the corresponding link, choose the type of your new shop (a cloud storefront or an on-premise installation), and provide all the information the system requires. Don’t forget the password associated with its admin!
How to add a payment method to your Shopware account?
You need a payment method to create a deposit to buy extensions and themes for your Shopware website. Go to Basic Information -> Accounting and select PayPal, credit card, or direct debit as a way to transfer funds to your account.
How to create a deposit in Shopware?
When the internal payment method is enabled, you can transfer money to your account to create a deposit. It is possible in your Merchant Area -> Shops. Choose a shop to provide funds to, click Open Account Details, and transfer a deposit that covers the amount of your future purchase.
How to purchase Shopware extensions?
Go to the Shopware Marketplace or open the Plugin Manager to buy extensions and themes for your website. Next, select a tool you want to buy and complete the checkout. Create a deposit in advance that equals the amount of your future purchase.
How to get support in Shopware?
For support with accounting and financials, write to financial.services@shopware.com or call +49 2555 9288 510. For inquiries regarding license issues, write to info@shopware.com or call +49 2555 9288 50.
How to automate import and export processes in Shopware 6?
Use the Improved Import, Export & Mass Actions module to automate recurring data transfers. The extension provides the ability to create schedules to launch the corresponding import and export processes automatically.
How to migrate to Shopware 6?
Migration to Shopware 6 is another purpose of the Improved Import, Export & Mass Actions tool. It can transfer data from your existing website to the new platform. You can migrate from other e-commerce systems or the platform’s previous versions. Since we also offer export solutions for Magento and other similar systems, you can simplify your data transfers between them and Shopware.
How to integrate Shopware 6 with external systems?
The module is also helpful for the Shopware 6 integration with ERPs, CRMs, accounting tools, and other similar platforms. The Improved Import, Export & Mass Actions extension can help you automate repetitive import and export processes and modify data according to the requirements of your Shopware store during import and vice versa.