diff options
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/rate_limits.md | 12 | ||||
| -rw-r--r-- | doc/security/token_overview.md | 2 |
2 files changed, 4 insertions, 10 deletions
diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 929609cd4a4..26a17ef2c2c 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -74,13 +74,7 @@ For configuration information, see ### Git operations using SSH -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78373) in GitLab 14.7 [with a flag](../administration/feature_flags.md) named `rate_limit_gitlab_shell`. Disabled by default. -> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79419) in GitLab 14.8. - -FLAG: -On self-managed GitLab, by default this feature is available. To disable the feature, ask an administrator to -[disable the feature flag](../administration/feature_flags.md) named `rate_limit_gitlab_shell`. On GitLab.com, this feature -is available. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78373) in GitLab 14.7 [with a flag](../administration/feature_flags.md) named `rate_limit_gitlab_shell`. Available by default without a feature flag from 15.8. GitLab applies rate limits to Git operations that use SSH by user account and project. When the rate limit is exceeded, GitLab rejects further connection requests from that user for the project. @@ -130,7 +124,7 @@ The **rate limit** is 20 calls per minute per IP address. There is a rate limit on how frequently a username can be changed. This is enforced to mitigate misuse of the feature. For example, to mass discover which usernames are in use. -The **rate limit** is 10 calls per minute per signed-in user. +The **rate limit** is 10 calls per minute per authenticated user. ### Username exists @@ -152,7 +146,7 @@ The feature is not ready for production use. There is a rate limit for the endpoint `project/:id/jobs`, which is enforced to reduce timeouts when retrieving jobs. -The **rate limit** is 600 calls per minute per signed-in user. +The **rate limit** is 600 calls per minute per authenticated user. ## Troubleshooting diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md index 0c9734cad36..64336f96274 100644 --- a/doc/security/token_overview.md +++ b/doc/security/token_overview.md @@ -134,6 +134,6 @@ This table shows available scopes per token. Scopes can be limited further on to - When creating a token, consider setting a token that expires when your task is complete. For example, if performing a one-off import, set the token to expire after a few hours or a day. This reduces the impact of a token that is accidentally leaked because it is useless when it expires. - Be careful not to include tokens when pasting code, console commands, or log outputs into an issue or MR description or comment. -- Don’t log credentials in the console logs. Consider [protecting](../ci/variables/index.md#protected-cicd-variables) and +- Don’t log credentials in the console logs. Consider [protecting](../ci/variables/index.md#protect-a-cicd-variable) and [masking](../ci/variables/index.md#mask-a-cicd-variable) your credentials. - Review all currently active access tokens of all types on a regular basis and revoke any that are no longer needed. |