diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 12:45:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 12:45:46 +0300 |
commit | a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch) | |
tree | 7452bd5c3545c2fa67a28aa013835fb4fa071baf /doc/security/rate_limits.md | |
parent | ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff) |
Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42
Diffstat (limited to 'doc/security/rate_limits.md')
-rw-r--r-- | doc/security/rate_limits.md | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 14fc526ca7e..a9b066631e7 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Authentication & Authorization +group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference, howto --- @@ -41,6 +41,7 @@ You can set these rate limits in the Admin Area of your instance: - [Git LFS rate limits](../user/admin_area/settings/git_lfs_rate_limits.md) - [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md) - [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md) +- [GitLab Pages rate limits](../administration/pages/index.md#rate-limits) You can set these rate limits using the Rails console: @@ -89,7 +90,7 @@ The **rate limit** is 5 requests per minute per user. ### Users sign up -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77835) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339151) in GitLab 14.7. There is a rate limit per IP address on the `/users/sign_up` endpoint. This is to mitigate attempts to misuse the endpoint. For example, to mass discover usernames or email addresses in use. @@ -98,19 +99,19 @@ The **rate limit** is 20 calls per minute per IP address. ### Update username -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77221) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339152) in GitLab 14.7. -There is a rate limit on the update username action. This is enforced to mitigate misuse of the feature. For example, to mass discover +There is a rate limit on how frequently a username can be changed. This is enforced to mitigate misuse of the feature. For example, to mass discover which usernames are in use. The **rate limit** is 10 calls per minute per signed-in user. ### Username exists -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77119) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/29040) in GitLab 14.7. -There is a rate limit for the internal endpoint `/users/:username/exists`, used by registration to perform a client-side validation for -uniqueness of the chosen username. This is to mitigate the risk of misuses, such as mass discovery of usernames in use. +There is a rate limit for the internal endpoint `/users/:username/exists`, used upon sign up to check if a chosen username has already been taken. +This is to mitigate the risk of misuses, such as mass discovery of usernames in use. The **rate limit** is 20 calls per minute per IP address. |