diff options
author | Evan Read <eread@gitlab.com> | 2019-08-28 05:50:35 +0000 |
---|---|---|
committer | Evan Read <eread@gitlab.com> | 2019-08-28 05:50:35 +0000 |
commit | fb276565297f8fd77f0dc1c8e51a42fec8697fce (patch) | |
tree | 5c78446aabfbff4cacee84df8fdf15d27bb0b591 | |
parent | 6262a91e365c658dc7d4ea286cd0e7201249bfa4 (diff) | |
parent | 8af8da09d0d25d25b5977b7c74da364e6fbec5fa (diff) | |
download | gitlab-ce-fb276565297f8fd77f0dc1c8e51a42fec8697fce.tar.gz |
Merge branch 'mk/remove-jwt-from-rate-limit-docs' into 'master'
Note CI token exception to JWT requests in rate limit docs
See merge request gitlab-org/gitlab-ce!32168
-rw-r--r-- | doc/security/rack_attack.md | 2 | ||||
-rw-r--r-- | doc/user/gitlab_com/index.md | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index b99bfb16829..4ad5fd0d16c 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -81,6 +81,8 @@ This limit is reset by requests that authenticate successfully. For example, 29 failed authentication requests followed by 1 successful request, followed by 29 more failed authentication requests would not trigger a ban. +JWT requests authenticated by gitlab-ci-token are excluded from this limit. + No response headers are provided. ## Settings diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md index af37cc896ad..8f1048260f2 100644 --- a/doc/user/gitlab_com/index.md +++ b/doc/user/gitlab_com/index.md @@ -314,7 +314,7 @@ Source: #### Git and container registry failed authentication ban -GitLab.com responds with HTTP status code 403 for 1 hour, if 30 failed +GitLab.com responds with HTTP status code `403` for 1 hour, if 30 failed authentication requests were received in a 3-minute period from a single IP address. This applies only to Git requests and container registry (`/jwt/auth`) requests @@ -324,6 +324,8 @@ This limit is reset by requests that authenticate successfully. For example, 29 failed authentication requests followed by 1 successful request, followed by 29 more failed authentication requests would not trigger a ban. +JWT requests authenticated by gitlab-ci-token are excluded from this limit. + No response headers are provided. ### Admin Area settings |