summaryrefslogtreecommitdiff
path: root/doc/security
diff options
context:
space:
mode:
authorRussell Dickenson <rdickenson@gitlab.com>2019-08-07 08:44:23 +0000
committerEvan Read <eread@gitlab.com>2019-08-07 08:44:23 +0000
commit0eafd744d5d5ce757a7774f12f1f809b854cb0d8 (patch)
treeb81de348c7267ba2922c6711b79d054cc2dc62f3 /doc/security
parent1e69e67dc330ccb4533bff967c9ad2ebd7200eb0 (diff)
downloadgitlab-ce-0eafd744d5d5ce757a7774f12f1f809b854cb0d8.tar.gz
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65499
Diffstat (limited to 'doc/security')
-rw-r--r--doc/security/rack_attack.md26
1 files changed, 13 insertions, 13 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
index c772f783f71..b99bfb16829 100644
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -20,9 +20,9 @@ For more information on how to use these options see the [Rack Attack README](ht
NOTE: **Note:** See
[User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md)
-for simpler throttles that are configured in UI.
+for simpler limits that are configured in the UI.
-NOTE: **Note:** Starting with 11.2, Rack Attack is disabled by default. If your
+NOTE: **Note:** Starting with GitLab 11.2, Rack Attack is disabled by default. If your
instance is not exposed to the public internet, it is recommended that you leave
Rack Attack disabled.
@@ -31,13 +31,13 @@ Rack Attack disabled.
If set up as described in the [Settings](#settings) section below, two behaviors
will be enabled:
-- Protected paths will be throttled
-- Failed authentications for Git and container registry requests will trigger a temporary IP ban
+- Protected paths will be throttled.
+- Failed authentications for Git and container registry requests will trigger a temporary IP ban.
### Protected paths throttle
-GitLab responds with HTTP status code 429 to POST requests at protected paths
-over 10 requests per minute per IP address.
+GitLab responds with HTTP status code `429` to POST requests at protected paths
+that exceed 10 requests per minute per IP address.
By default, protected paths are:
@@ -62,16 +62,16 @@ Retry-After: 60
For example, the following are limited to a maximum 10 requests per minute:
-- user sign-in
-- user sign-up (if enabled)
-- user password reset
+- User sign-in
+- User sign-up (if enabled)
+- User password reset
-After trying for 10 times, the client will
-have to wait a minute before to be able to try again.
+After 10 requests, the client must wait a minute before it can
+try again.
### Git and container registry failed authentication ban
-GitLab responds with HTTP status code 403 for 1 hour, if 30 failed
+GitLab responds with HTTP status code `403` for 1 hour, if 30 failed
authentication requests were received in a 3-minute period from a single IP address.
This applies only to Git requests and container registry (`/jwt/auth`) requests
@@ -145,7 +145,7 @@ If you want more restrictive/relaxed throttle rules, edit
For example, more relaxed throttle rules will be if you set
`limit: 3` and `period: 1.seconds` (this will allow 3 requests per second).
You can also add other paths to the protected list by adding to `paths_to_be_protected`
-variable. If you change any of these settings do not forget to restart your
+variable. If you change any of these settings you must restart your
GitLab instance.
## Remove blocked IPs from Rack Attack via Redis