Dunedan / django-lockdown

Lock down a Django site or individual views, with configurable preview authorization

Rate Limiting

gregorygmwhite opened this issue

I'd like to rate limit the lockdown page so that people can't just brute force the password. I'm not seeing a way to do that. Is there any plan for that functionality, or a workaround so I can inject my code that rate limits endpoints?

Hi Greg,

Thanks for that question. Rate limiting is currently not supported, but definitely a feature worth including. If you're going to patch django-lockdown to support it, it'd be really cool if you could open a pull request so we can directly include it here.

After some further thought and some discussions with fellow Djangonauts, I came to the conclusion that rate limiting would probably be better done outside of this app, also because Django itself doesn't do rate limiting for its admin app out of the box.

Maybe you can simply implement rate limiting on the web server side, which would protect your whole site against DoS attacks instead of just the password form.
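
Added example, not part of the original thread and not django-lockdown code: one way to rate limit password submissions from the project's own code, as a function-style Django middleware listed ahead of the lockdown middleware. The names `SlidingWindowLimiter` and `lockdown_rate_limit`, the limit of 5 attempts per 60 seconds, and the assumption that POST requests to a locked site are password submissions are all hypothetical choices made for this sketch.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit=5, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._events = defaultdict(deque)  # key -> timestamps of allowed events

    def allow(self, key):
        now = self.clock()
        events = self._events[key]
        while events and now - events[0] >= self.window:
            events.popleft()  # forget attempts that fell out of the window
        if len(events) >= self.limit:
            return False  # budget used up: refuse without recording
        events.append(now)
        return True


def _django_429(request):
    # Imported lazily so the limiter itself has no Django dependency.
    from django.http import HttpResponse
    return HttpResponse("Too many attempts, try again later.", status=429)


def lockdown_rate_limit(get_response, limiter=None, deny=_django_429):
    """Middleware factory; Django calls it with get_response only."""
    limiter = limiter or SlidingWindowLimiter()

    def middleware(request):
        # Assumption: while the site is locked, POSTs are password attempts.
        if request.method == "POST":
            # Behind a reverse proxy REMOTE_ADDR is the proxy's address,
            # so the real client address must be taken from a trusted header.
            client = request.META.get("REMOTE_ADDR", "unknown")
            if not limiter.allow(client):
                return deny(request)
        return get_response(request)

    return middleware
```

The counters live in the memory of one process, so every worker keeps its own budget and the per-key table grows with the number of distinct clients; a shared cache with expiry is needed for a site-wide limit.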