summaryrefslogtreecommitdiff
path: root/doc/security
diff options
context:
space:
mode:
authorCiro Santilli <ciro.santilli@gmail.com>2014-04-25 00:48:22 +0200
committerCiro Santilli <ciro.santilli@gmail.com>2014-06-03 23:16:31 +0200
commitfd348de76d651d49acc8eb742cc647dc777ef5fc (patch)
tree26f42bef57c9a636eff0a548a29cb1e2e6d12c8c /doc/security
parentde1a7aa7eb523cf2fdad12f8eeda2ba4c5b51820 (diff)
downloadgitlab-ce-fd348de76d651d49acc8eb742cc647dc777ef5fc.tar.gz
Update docs to markdown style guide.
Diffstat (limited to 'doc/security')
-rw-r--r--doc/security/README.md6
-rw-r--r--doc/security/password_length_limits.md1
-rw-r--r--doc/security/rack_attack.md20
3 files changed, 17 insertions, 10 deletions
diff --git a/doc/security/README.md b/doc/security/README.md
index f8dd1291b9b..b89e8cbe020 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -1,2 +1,4 @@
-+ [Password length limits](password_length_limits.md)
-+ [Rack attack](rack_attack.md)
+# Security
+
+- [Password length limits](password_length_limits.md)
+- [Rack attack](rack_attack.md)
diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md
index c8d66e9636c..d21b26a43e8 100644
--- a/doc/security/password_length_limits.md
+++ b/doc/security/password_length_limits.md
@@ -1,6 +1,7 @@
# Custom password length limits
If you want to enforce longer user passwords you can create an extra Devise initializer with the steps below.
+
If you do not use the `devise_password_length.rb` initializer the password length is set to a minimum of 8 characters in `config/initializers/devise.rb`.
```bash
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
index 9e863bbd190..92066997be8 100644
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -1,18 +1,22 @@
# Rack attack
To prevent abusive clients doing damage GitLab uses rack-attack gem.
+
If you installed or upgraded GitLab by following the official guides this should be enabled by default.
+
If you are missing `config/initializers/rack_attack.rb` the following steps need to be taken in order to enable protection for your GitLab instance:
-1. In config/application.rb find and uncomment the following line:
- config.middleware.use Rack::Attack
-2. Rename config/initializers/rack_attack.rb.example to config/initializers/rack_attack.rb
-3. Review the paths_to_be_protected and add any other path you need protecting
-4. Restart GitLab instance
+1. In config/application.rb find and uncomment the following line:
+
+ config.middleware.use Rack::Attack
+
+1. Rename `config/initializers/rack_attack.rb.example` to `config/initializers/rack_attack.rb`.
+
+1. Review the `paths_to_be_protected` and add any other path you need protecting.
+
+1. Restart GitLab instance.
-By default, user sign-in, user sign-up(if enabled) and user password reset is limited to 6 requests per minute.
-After trying for 6 times, client will have to wait for the next minute to be able to try again.
-These settings can be found in `config/initializers/rack_attack.rb`
+By default, user sign-in, user sign-up(if enabled) and user password reset is limited to 6 requests per minute. After trying for 6 times, client will have to wait for the next minute to be able to try again. These settings can be found in `config/initializers/rack_attack.rb`
If you want more restrictive/relaxed throttle rule change the `limit` or `period` values. For example, more relaxed throttle rule will be if you set limit: 3 and period: 1.second(this will allow 3 requests per second). You can also add other paths to the protected list by adding to `paths_to_be_protected` variable. If you change any of these settings do not forget to restart your GitLab instance.