Lower <sts:duration> to 5m to prevent misconfigs denying access.

author: Sadie Powell <sadie@witchery.services> 2020-02-19 09:58:47 +0000
committer: Sadie Powell <sadie@witchery.services> 2020-02-19 10:03:23 +0000
commit: 327bacd3687f307a5f8586856a94b16c9e4370bf (patch)
tree: 82eb9cb640d9120b0c64c3dfe029f34ab52a232c /docs
parent: a3df29ba4902da2dd0e2dea1c8a9469ced629804 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index ae32bb0e0..ad2b9ca8a 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -1224,14 +1224,15 @@
 #
 # host     - A glob match for the SNI hostname to apply this policy to.
 # duration - The amount of time that the policy lasts for. Defaults to
-#            approximately two months by default.
+#            five minutes by default. You should raise this to a month
+#            or two once you know that your config is valid.
 # port     - The port on which TLS connections to the server are being
 #            accepted. You MUST have a CA-verified certificate on this
 #            port. Self signed certificates are not acceptable.
 # preload  - Whether client developers can include your certificate in
 #            preload lists.
 #
-# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+# <sts host="*.example.com" duration="5m" port="6697" preload="yes">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Join flood module: Adds support for join flood protection +j X:Y.
author	Sadie Powell <sadie@witchery.services>	2020-02-19 09:58:47 +0000
committer	Sadie Powell <sadie@witchery.services>	2020-02-19 10:03:23 +0000
commit	327bacd3687f307a5f8586856a94b16c9e4370bf (patch)
tree	82eb9cb640d9120b0c64c3dfe029f34ab52a232c /docs
parent	a3df29ba4902da2dd0e2dea1c8a9469ced629804 (diff)