diff options
author | Evan Read <eread@gitlab.com> | 2019-08-28 15:57:20 +1000 |
---|---|---|
committer | Evan Read <eread@gitlab.com> | 2019-08-28 15:57:20 +1000 |
commit | 46f7674733c6289e7ced13fb86f66de792ff5eac (patch) | |
tree | a3f15bfe6df2dd12bcb87ae82a37e7af7103d60f /doc/security/rack_attack.md | |
parent | fb276565297f8fd77f0dc1c8e51a42fec8697fce (diff) | |
download | gitlab-ce-46f7674733c6289e7ced13fb86f66de792ff5eac.tar.gz |
Edit limit textdocs/edit-limit-text
Diffstat (limited to 'doc/security/rack_attack.md')
-rw-r--r-- | doc/security/rack_attack.md | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index 4ad5fd0d16c..09d29bf3446 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -77,11 +77,12 @@ authentication requests were received in a 3-minute period from a single IP addr This applies only to Git requests and container registry (`/jwt/auth`) requests (combined). -This limit is reset by requests that authenticate successfully. For example, 29 -failed authentication requests followed by 1 successful request, followed by 29 -more failed authentication requests would not trigger a ban. +This limit: -JWT requests authenticated by gitlab-ci-token are excluded from this limit. +- Is reset by requests that authenticate successfully. For example, 29 + failed authentication requests followed by 1 successful request, followed by 29 + more failed authentication requests would not trigger a ban. +- Does not apply to JWT requests authenticated by `gitlab-ci-token`. No response headers are provided. |