diff options
Diffstat (limited to 'doc/security/rate_limits.md')
-rw-r--r-- | doc/security/rate_limits.md | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 14fc526ca7e..a9b066631e7 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Authentication & Authorization +group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference, howto --- @@ -41,6 +41,7 @@ You can set these rate limits in the Admin Area of your instance: - [Git LFS rate limits](../user/admin_area/settings/git_lfs_rate_limits.md) - [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md) - [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md) +- [GitLab Pages rate limits](../administration/pages/index.md#rate-limits) You can set these rate limits using the Rails console: @@ -89,7 +90,7 @@ The **rate limit** is 5 requests per minute per user. ### Users sign up -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77835) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339151) in GitLab 14.7. There is a rate limit per IP address on the `/users/sign_up` endpoint. This is to mitigate attempts to misuse the endpoint. For example, to mass discover usernames or email addresses in use. @@ -98,19 +99,19 @@ The **rate limit** is 20 calls per minute per IP address. ### Update username -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77221) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339152) in GitLab 14.7. -There is a rate limit on the update username action. This is enforced to mitigate misuse of the feature. For example, to mass discover +There is a rate limit on how frequently a username can be changed. This is enforced to mitigate misuse of the feature. For example, to mass discover which usernames are in use. The **rate limit** is 10 calls per minute per signed-in user. ### Username exists -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77119) in GitLab 14.7. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/29040) in GitLab 14.7. -There is a rate limit for the internal endpoint `/users/:username/exists`, used by registration to perform a client-side validation for -uniqueness of the chosen username. This is to mitigate the risk of misuses, such as mass discovery of usernames in use. +There is a rate limit for the internal endpoint `/users/:username/exists`, used upon sign up to check if a chosen username has already been taken. +This is to mitigate the risk of misuses, such as mass discovery of usernames in use. The **rate limit** is 20 calls per minute per IP address. |