summaryrefslogtreecommitdiff
path: root/doc/security/rack_attack.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security/rack_attack.md')
-rw-r--r--doc/security/rack_attack.md6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md
index 09d29bf3446..51b7d7db3e4 100644
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -36,6 +36,9 @@ will be enabled:
### Protected paths throttle
+NOTE: **Note:** Omnibus GitLab protected paths throttle is deprecated and is scheduled for removal in
+GitLab 13.0. Please refer to [Migrate settings from GitLab 12.3 and earlier](../user/admin_area/settings/protected_paths.md#migrate-settings-from-gitlab-123-and-earlier).
+
GitLab responds with HTTP status code `429` to POST requests at protected paths
that exceed 10 requests per minute per IP address.
@@ -124,6 +127,9 @@ The following settings can be configured:
**Installations from source**
+NOTE: **Note:** Rack Attack initializer was temporarily renamed to `rack_attack_new`, to
+support backwards compatibility with the one [Omnibus initializer](https://docs.gitlab.com/omnibus/settings/configuration.html#setting-up-paths-to-be-protected-by-rack-attack). It'll be renamed back to `rack_attack.rb` once Omnibus throttle is removed. Please see the [GitLab issue](https://gitlab.com/gitlab-org/gitlab/issues/29952) for more information.
+
These settings can be found in `config/initializers/rack_attack.rb`. If you are
missing `config/initializers/rack_attack.rb`, the following steps need to be
taken in order to enable protection for your GitLab instance:
View Lorry Controller Status