Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2013-11-25 20:24:45 +0400
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2013-11-25 20:24:45 +0400
commit47e8c67d1d6fce78bbe713eb030c24ecebc81081 (patch)
tree93250f4ca5ab3d095ec73100a357b3871ebcfe42 /config
parent0461760f2153c68210a25d40093e7575b67c9607 (diff)
Include API session route under rack protection
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'config')
-rw-r--r--config/initializers/rack_attack.rb.example4
1 files changed, 3 insertions, 1 deletions
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
index 1d2dee9a054..1d10a53d505 100644
--- a/config/initializers/rack_attack.rb.example
+++ b/config/initializers/rack_attack.rb.example
@@ -5,11 +5,13 @@
paths_to_be_protected = [
"#{Rails.application.config.relative_url_root}/users/password",
"#{Rails.application.config.relative_url_root}/users/sign_in",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
"#{Rails.application.config.relative_url_root}/users"
]
unless Rails.env.test?
- Rack::Attack.throttle('protected paths', limit: 6, period: 60.seconds) do |req|
+ Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
req.ip if paths_to_be_protected.include?(req.path) && req.post?
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 11:42:28 +0300