summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Kozono <mkozono@gmail.com>2019-07-29 18:02:20 -0700
committerMichael Kozono <mkozono@gmail.com>2019-07-29 18:02:20 -0700
commitb19dd169dcc9af142ff5dfee63f2fb3ed133bf39 (patch)
tree1fea52c68a84622f592e7298f02e636ea86ce98a
parentc19f013fdb28c05067adfbaea3ccc173c31f6930 (diff)
downloadgitlab-ce-mk/add-rate-limit-docs.tar.gz
Address feedbackmk/add-rate-limit-docs
Diffstat
-rw-r--r--doc/security/rack_attack.md4
-rw-r--r--doc/user/admin_area/settings/user_and_ip_rate_limits.md12
2 files changed, 4 insertions, 12 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
index 615b30382e6..c772f783f71 100644
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -23,8 +23,8 @@ NOTE: **Note:** See
for simpler throttles that are configured in UI.
NOTE: **Note:** Starting with 11.2, Rack Attack is disabled by default. If your
-instance is not exposed to any incoming connections, it is recommended that you
-leave Rack Attack disabled.
+instance is not exposed to the public internet, it is recommended that you leave
+Rack Attack disabled.
## Behavior
diff --git a/doc/user/admin_area/settings/user_and_ip_rate_limits.md b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
index f80d14c6a05..e3a495750f2 100644
--- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md
+++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
@@ -5,16 +5,8 @@ type: reference
# User and IP rate limits
Rate limiting is a common technique used to improve the security and durability
-of a web application.
-
-For example, a simple script can make thousands of web requests per second.
-Whether malicious, apathetic, or just a bug, your application and infrastructure
-may not be able to cope with the load (see
-[Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack)).
-Most cases can be mitigated by limiting the rate of requests from a single IP.
-
-Most [Brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) are
-similarly mitigated by a rate limit.
+of a web application. For more details, see
+[Rate limits](../../../security/rate_limits.md).
The following limits can be enforced in **Admin Area > Network > User and
IP rate limits**:
View Lorry Controller Status