summaryrefslogtreecommitdiff
path: root/doc/security
Commit message (Collapse)AuthorAgeFilesLines
* Support CIDR notation in IP rate limitersh-support-subnets-ip-rate-limiterStan Hu2019-06-271-2/+3
| | | | | This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24).
* refactor: apply "require 2FA" to all subgroup and ancestor group members, ↵Roger Meier2019-06-131-2/+20
| | | | when changing
* Update links in information_exclusivity.md61510-review-and-update-the-security-doc-pages-to-adhere-to-ssot-standards-docsMike Lewis2019-06-091-2/+2
|
* Corrected links to use absolute path namesMatt Penna2019-06-071-2/+3
|
* Added links to pertinent GitLab docsMatt Penna2019-06-071-2/+3
| | | | Clarified who can push to a protected branch
* Apply suggestion to doc/security/webhooks.mdMatt Penna2019-06-071-2/+2
|
* Apply suggestion to doc/security/rack_attack.mdMatt Penna2019-06-071-1/+1
|
* Updated security docsMatt Penna2019-06-071-1/+1
| | | | | | | | | | | | Changes include: - Added front matter - Added Troubleshooting header - Shorted long lines - Corrected typos and improved clarity throughout
* Various edits to security documentationMatt Penna2019-06-0711-51/+233
| | | | Edits to conform with CE epic 1280 SSOT standards, other improvements
* Add type to frontmatterAchilleas Pipinellis2019-06-074-4/+17
|
* Clarify and improve 2FA configuration informationEvan Read2019-06-053-19/+16
|
* Changes RackAttack logger to use structured logsMayra Cabrera2019-05-241-1/+1
| | | | | | | | Creates a new filename to register auth logs. This change should allow SRE's queries to make better queries through logging infrastructure. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528
* Docs: add details about restricted SSH keysTristan Williams2019-02-222-0/+8
|
* Docs: Misc small fixes to docsMarcel Amirault2019-02-121-0/+1
|
* Fix most instances of bare URLs in markdownEvan Read2019-01-241-2/+2
|
* Merge branch 'patch-31' into 'master'Rémy Coutable2019-01-141-1/+1
|\ | | | | | | | | GitLab 11.4.3 "Outbound requests" setting path See merge request gitlab-org/gitlab-ce!22898
| * GitLab 11.4.3 "Outbound requests" setting pathThunk2018-11-081-1/+1
| |
* | Make unordered lists conform to styleguidedocs/fix-unordered-list-styleEvan Read2019-01-081-5/+5
| | | | | | | | - Also makes other minor Markdown fixes that were near the main fixes.
* | Update doc/security/rack-attack.mdMatt Rice2018-12-111-2/+1
| |
* | fix: update the link to the new address.Salman Mohammadi2018-12-041-1/+1
| | | | | | this change eliminates the need to redirect the page.
* | Precisions about the times specified in gitlab.rb for Rack AttackIllan RUL-DA CUNHA2018-11-201-6/+6
| |
* | Resolve Markdown ordered lists not conforming to styleguidedocs/fix-ordered-list-item-prefixEvan Read2018-11-132-11/+11
|/
* Correct Gitlab to GitLab in docsMarcel Amirault2018-09-251-1/+1
|
* Correct grammar (setup to set-up) in DocsMarcel Amirault2018-09-211-1/+1
|
* Fix minor error in doc/security/user_email_confirmation.mdYannick Binnenweg2018-08-291-1/+1
| | | | | | | Originally submitted at https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3190. Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add instructions to unlock an accountAaron2018-08-293-1/+33
| | | | | | | Originally submitted at https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6578. Signed-off-by: Rémy Coutable <remy@rymai.me>
* Compress all PNG images under doc/Achilleas Pipinellis2018-08-274-0/+0
| | | | | | | | | | The pngquant tool was used https://pngquant.org, and particularly, the following command: /usr/bin/pngquant -f --skip-if-larger --ext .png --speed 1 image.png Before: 47584K After : 34924K
* Merge branch 'update-rack-attack-deprecation-note-in-docs' into 'master'Douwe Maan2018-07-251-0/+4
|\ | | | | | | | | Adds rack attack disabled by default notice to documentation See merge request gitlab-org/gitlab-ce!20833
| * Adds rack attack disabled by default notice to documentationupdate-rack-attack-deprecation-note-in-docsTiago Botelho2018-07-251-0/+4
| |
* | Fix Rack Attack documentation to reflect the feature being disabled by defaultTiago Botelho2018-07-251-3/+3
|/
* docMark Chao2018-06-062-2/+2
|
* Improve documentation of SSRF protectionFrancisco Javier López2018-04-242-3/+10
|
* Update rack attack docsCindy Pallares 🦉2018-01-231-13/+123
|
* Exclude comments from specific docsAchilleas Pipinellis2017-11-011-0/+4
|
* More review commentsNick Thomas2017-08-301-0/+0
|
* Address review commentsNick Thomas2017-08-302-4/+5
|
* Rework the permissions model for SSH key restrictionsNick Thomas2017-08-301-0/+0
| | | | | | | | | | | | | | | `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
* Add settings for minimum key strength and allowed key typeNick Thomas2017-08-303-0/+19
| | | | | | | | This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
* Support 2FA requirement per-groupMarkus Koller2017-04-062-1/+16
|
* Move webhooks to new a location under IntegrationsAchilleas Pipinellis2017-02-031-2/+2
|
* Reduce size of images from 25MB to 13MB using pngquantAchilleas Pipinellis2016-11-221-0/+0
| | | | | | Took it from https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/3232 [ci skip]
* optimize png images losslessly using zopflipngPeter Dave Hello2016-06-291-0/+0
|
* Change landing page when skipping confirmation email and add documentationFelipe Artur2016-05-162-0/+8
|
* Use relative links in `doc`, fix broken generated HTML linksAnatoly Borodin2016-03-171-1/+1
| | | | | | | | | | | | | | | | | Links like (doc/web_hooks/web_hooks.md) work in the GitLab source code web interface, but the HTML generator produces broken links in the `doc` subdirectories: http://doc.gitlab.com/ce/hooks/doc/web_hooks/web_hooks.html instead of the right one http://doc.gitlab.com/ce/web_hooks/web_hooks.html in http://doc.gitlab.com/ce/hooks/custom_hooks.html. Fixes #14338 [ci skip] Signed-off-by: Anatoly Borodin <anatoly.borodin@gmail.com>
* web hooks to webhooksashleys2016-03-102-7/+7
|
* Make "Two-factor" casing consistent throughout the applicationrs-two-factor-casingRobert Speicher2016-01-311-1/+1
|
* Add image to 2fa security documentationAchilleas Pipinellis2016-01-222-4/+11
| | | | [ci skip]
* Clean up CRIME security doc [ci skip]Achilleas Pipinellis2015-12-251-37/+41
|
* Merge branch 'master' into adding_crime_securityAchilleas Pipinellis2015-12-252-0/+39
|\
| * Fixed codestyle and added 2FA documentationfeature/force-tfaGabriel Mazetto2015-12-242-0/+39
| |
View Lorry Controller Status