diff options
author | Michael Kozono <mkozono@gmail.com> | 2019-07-29 18:02:20 -0700 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2019-07-29 18:02:20 -0700 |
commit | b19dd169dcc9af142ff5dfee63f2fb3ed133bf39 (patch) | |
tree | 1fea52c68a84622f592e7298f02e636ea86ce98a | |
parent | c19f013fdb28c05067adfbaea3ccc173c31f6930 (diff) | |
download | gitlab-ce-mk/add-rate-limit-docs.tar.gz |
Address feedbackmk/add-rate-limit-docs
-rw-r--r-- | doc/security/rack_attack.md | 4 | ||||
-rw-r--r-- | doc/user/admin_area/settings/user_and_ip_rate_limits.md | 12 |
2 files changed, 4 insertions, 12 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index 615b30382e6..c772f783f71 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -23,8 +23,8 @@ NOTE: **Note:** See for simpler throttles that are configured in UI. NOTE: **Note:** Starting with 11.2, Rack Attack is disabled by default. If your -instance is not exposed to any incoming connections, it is recommended that you -leave Rack Attack disabled. +instance is not exposed to the public internet, it is recommended that you leave +Rack Attack disabled. ## Behavior diff --git a/doc/user/admin_area/settings/user_and_ip_rate_limits.md b/doc/user/admin_area/settings/user_and_ip_rate_limits.md index f80d14c6a05..e3a495750f2 100644 --- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md +++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md @@ -5,16 +5,8 @@ type: reference # User and IP rate limits Rate limiting is a common technique used to improve the security and durability -of a web application. - -For example, a simple script can make thousands of web requests per second. -Whether malicious, apathetic, or just a bug, your application and infrastructure -may not be able to cope with the load (see -[Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack)). -Most cases can be mitigated by limiting the rate of requests from a single IP. - -Most [Brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) are -similarly mitigated by a rate limit. +of a web application. For more details, see +[Rate limits](../../../security/rate_limits.md). The following limits can be enforced in **Admin Area > Network > User and IP rate limits**: |