docs: clarify rate limiting behavior

See #13325
WeblateOrg · Dec 17, 2024 · e169343 · e169343
1 parent 2d2f886
commit e169343
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/docs/admin/optionals.rst b/docs/admin/optionals.rst
@@ -273,7 +273,7 @@ Rate limiting
 
 .. versionchanged:: 4.6
 
-      The rate limiting no longer applies to superusers.
+      The rate limiting no longer applies to signed in superusers.
 
 Several operations in Weblate are rate limited. At most
 :setting:`RATELIMIT_ATTEMPTS` attempts are allowed within :setting:`RATELIMIT_WINDOW` seconds.
@@ -302,6 +302,8 @@ The following operations are subject to rate limiting:
 | Creating new project              | ``PROJECT``        | 5                | 600              | 600            |
 +-----------------------------------+--------------------+------------------+------------------+----------------+
 
+The rate limiting is based on sessions when user is signed in and on IP address if not.
+
 If a user fails to sign in :setting:`AUTH_LOCK_ATTEMPTS` times, password authentication will be turned off on the account until having gone through the process of having its password reset.
 
 The settings can be also applied in the Docker container by adding ``WEBLATE_`` prefix to the setting name, for example :setting:`RATELIMIT_ATTEMPTS` becomes :envvar:`WEBLATE_RATELIMIT_ATTEMPTS`.