author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 12:45:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 12:45:46 +0300 |
commit | a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch) | |
tree | 7452bd5c3545c2fa67a28aa013835fb4fa071baf /doc/user/search/advanced_search.md | |
parent | ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff) |
Add latest changes from gitlab-org/gitlab@14-8-stable-ee v14.8.0-rc42
Diffstat (limited to 'doc/user/search/advanced_search.md')
-rw-r--r-- | doc/user/search/advanced_search.md | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/user/search/advanced_search.md b/doc/user/search/advanced_search.md index 13fba126169..05579696d35 100644 --- a/doc/user/search/advanced_search.md +++ b/doc/user/search/advanced_search.md 
@@ -140,3 +140,28 @@ its performance: | Issues | `global_search_issues_tab` | When enabled, the global search includes issues as part of the search. | | Merge Requests | `global_search_merge_requests_tab` | When enabled, the global search includes merge requests as part of the search. | | Wiki | `global_search_wiki_tab` | When enabled, the global search includes wiki as part of the search. [Group wikis](../project/wiki/group.md) are not included. | + +## Global Search validation + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346263) in GitLab 14.6 [with a flag](../../administration/feature_flags.md) named `prevent_abusive_searches`. Disabled by default. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, + ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `prevent_abusive_searches`. + The feature is not ready for production use. + +To prevent abusive searches, such as searches that may result in a Distributed Denial of Service (DDoS), Global Search ignores, logs, and +doesn't return any results for searches considered abusive according to the following criteria, if `prevent_abusive_searches` feature flag is enabled: + +- Searches with less than 2 characters. +- Searches with any term greater than 100 characters. URL search terms have a maximum of 200 characters. +- Searches with a stop word as the only term (ie: "the", "and", "if", etc.). +- Searches with a `group_id` or `project_id` parameter that is not completely numeric. +- Searches with a `repository_ref` or `project_ref` parameter that has special characters not allowed by [Git refname](https://git-scm.com/docs/git-check-ref-format). +- Searches with a `scope` that is unknown. 
+ +Regardless of the status of the `prevent_abusive_searches` feature flag, searches that don't +comply with the criteria described below aren't logged as abusive but are flagged with an error: + +- Searches with more than 4096 characters. +- Searches with more than 64 terms. |
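Review bot: In the last paragraph of the new "Global Search validation" section, "searches that don't comply with the criteria described below" is followed by a list of the violations themselves ("Searches with more than 4096 characters", "Searches with more than 64 terms"), so read literally it flags searches that stay within those limits. Suggest something like "searches that exceed the following limits aren't logged as abusive but are flagged with an error". In the first list, "(ie: "the", "and", "if", etc.)" gives examples rather than a restatement, so "for example" fits better than "ie", and "less than 2 characters" should be "fewer than 2 characters". The section also says abusive searches are ignored and logged without naming the log they go to or what the user sees in place of results, which an administrator deciding whether to enable `prevent_abusive_searches` would need.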