Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-17 00:09:37 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-07-17 00:09:37 +0000
commit: d5cf5cf4f77eec07a04604b1a0298452029df16f (patch)
tree: 7fafba2450f0cc0160fbacfbd94a0b11ab47dc12 /config/initializers
parent: 831b6108d2aa46aca9bdce39a9bda33718d61fa7 (diff)
download: gitlab-ce-d5cf5cf4f77eec07a04604b1a0298452029df16f.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 51b49bec864..b0778633199 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -68,6 +68,15 @@ class Rack::Attack
     end
   end
 
+  # Product analytics feature is in experimental stage.
+  # At this point we want to limit amount of events registered
+  # per application (aid stands for application id).
+  throttle('throttle_product_analytics_collector', limit: 100, period: 60) do |req|
+    if req.product_analytics_collector_request?
+      req.params['aid']
+    end
+  end
+
   throttle('throttle_authenticated_web', Gitlab::Throttle.authenticated_web_options) do |req|
     if req.web_request? &&
         Gitlab::Throttle.settings.throttle_authenticated_web_enabled
@@ -128,6 +137,10 @@ class Rack::Attack
       path =~ %r{^/-/(health|liveness|readiness)}
     end
 
+    def product_analytics_collector_request?
+      path.start_with?('/-/collector/i')
+    end
+
     def should_be_skipped?
       api_internal_request? || health_check_request?
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-17 00:09:37 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-07-17 00:09:37 +0000
commit	d5cf5cf4f77eec07a04604b1a0298452029df16f (patch)
tree	7fafba2450f0cc0160fbacfbd94a0b11ab47dc12 /config/initializers
parent	831b6108d2aa46aca9bdce39a9bda33718d61fa7 (diff)
download	gitlab-ce-d5cf5cf4f77eec07a04604b1a0298452029df16f.tar.gz