summaryrefslogtreecommitdiff
path: root/doc/security/rack_attack.md
diff options
context:
space:
mode:
authorMarin Jankovski <maxlazio@gmail.com>2013-09-26 22:40:55 +0200
committerMarin Jankovski <maxlazio@gmail.com>2013-09-30 11:10:46 +0200
commit055b60d4200aeee0eeab762f162c05305e58c41d (patch)
tree46efa952dcd01e92fa6217bed2b0f990261253f9 /doc/security/rack_attack.md
parentc562d290eaab16f8e72e7e3e9ff188e172372226 (diff)
downloadgitlab-ce-055b60d4200aeee0eeab762f162c05305e58c41d.tar.gz
Add documentation to help section, rack_attack as example
Diffstat (limited to 'doc/security/rack_attack.md')
-rw-r--r--doc/security/rack_attack.md19
1 files changed, 19 insertions, 0 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
new file mode 100644
index 00000000000..a0d02b1650f
--- /dev/null
+++ b/doc/security/rack_attack.md
@@ -0,0 +1,19 @@
+To prevent abusive clients doing damage GitLab uses rack-attack gem.
+If you installed or upgraded GitLab by following the official guides this should be enabled by default.
+If you are missing `config/initializers/rack_attack.rb` the following steps need to be taken in order to enable protection for your GitLab instance:
+
+1. In config/application.rb find and uncomment the following line:
+ config.middleware.use Rack::Attack
+2. Rename config/initializers/rack_attack.rb.example to config/initializers/rack_attack.rb
+3. Review the paths_to_be_protected and add any other path you need protecting
+4. Restart GitLab instance
+
+By default, user sign-in, user sign-up(if enabled) and user password reset is limited to 6 requests per minute.
+After trying for 6 times, client will have to wait for the next minute to be able to try again.
+These settings can be found in `config/initializers/rack_attack.rb`
+
+If you want more restrictive/relaxed throttle rule change the `limit` or `period` values. For example, more relaxed throttle rule will be if you set limit: 3 and period: 1.second(this will allow 3 requests per second). You can also add other paths to the protected list by adding to `paths_to_be_protected` variable. If you change any of these settings do not forget to restart your GitLab instance.
+
+In case you find throttling is not enough to protect you against abusive clients, rack-attack gem offers IP whitelisting, blacklisting, Fail2ban style filter and tracking.
+
+For more information on how to use these options check out [rack-attack README](https://github.com/kickstarter/rack-attack/blob/master/README.md). \ No newline at end of file