From 3cefc5d7df09dbc21cd9c892bc6c62b5b583ca6a Mon Sep 17 00:00:00 2001
From: Mayra Cabrera
Date: Wed, 24 Jul 2019 19:49:31 +0000
Subject: Add RateLimiter to RawController
* Limits raw requests to 300 per minute and per raw path.
* Add a new attribute to ApplicationSettings so user can change this value on their instance.
* Uses Gitlab::ActionRateLimiter to limit the raw requests.
* Add a new method into ActionRateLimiter to log the event into auth.log
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717
---
 app/models/application_setting_implementation.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'app/models/application_setting_implementation.rb')
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 30fc9fd6892..1e612bd0e78 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -98,7 +98,8 @@ module ApplicationSettingImplementation
 commit_email_hostname: default_commit_email_hostname,
 protected_ci_variables: false,
 local_markdown_version: 0,
- outbound_local_requests_whitelist: []
+ outbound_local_requests_whitelist: [],
+ raw_blob_request_limit: 300
 }
 end
-- cgit v1.2.3
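Review bot: The new default `raw_blob_request_limit: 300` in the defaults hash states neither its unit nor its scope, and nothing visible here says what a value of 0 means. The commit message gives it as requests per minute per raw path, so a trailing comment such as `# raw requests allowed per minute, per raw path` would keep that next to the value. This view is limited to one file, so the setting's validation is not shown; it should presumably reject negative and non-integer values and define whether 0 disables the limit. Because the limit is described as per path rather than per client, the budget is presumably shared by every caller of that path, which is worth stating in the setting's documentation. The enclosing method begins above the hunk.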