diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-01 15:05:59 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-01 15:05:59 +0300 |
| commit | 9e27f0d920cc3891fa7644c5cc0bc280c519fb20 (patch) | |
| tree | 9784dd99270f2009159b19077412bf83d13123a4 /doc/security | |
| parent | 1bab0ba591263cd739af2d2c7c3f1b03678a59b6 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/rack_attack.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index 09d29bf3446..51b7d7db3e4 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -36,6 +36,9 @@ will be enabled: ### Protected paths throttle +NOTE: **Note:** Omnibus GitLab protected paths throttle is deprecated and is scheduled for removal in +GitLab 13.0. Please refer to [Migrate settings from GitLab 12.3 and earlier](../user/admin_area/settings/protected_paths.md#migrate-settings-from-gitlab-123-and-earlier). + GitLab responds with HTTP status code `429` to POST requests at protected paths that exceed 10 requests per minute per IP address. @@ -124,6 +127,9 @@ The following settings can be configured: **Installations from source** +NOTE: **Note:** Rack Attack initializer was temporarily renamed to `rack_attack_new`, to +support backwards compatibility with the one [Omnibus initializer](https://docs.gitlab.com/omnibus/settings/configuration.html#setting-up-paths-to-be-protected-by-rack-attack). It'll be renamed back to `rack_attack.rb` once Omnibus throttle is removed. Please see the [GitLab issue](https://gitlab.com/gitlab-org/gitlab/issues/29952) for more information. + These settings can be found in `config/initializers/rack_attack.rb`. If you are missing `config/initializers/rack_attack.rb`, the following steps need to be taken in order to enable protection for your GitLab instance: |