From f0f285efc2d6abef8817ec811eaddeef5838c195 Mon Sep 17 00:00:00 2001 From: Tiago Botelho Date: Wed, 25 Jul 2018 09:48:02 +0100 Subject: Adds rack attack disabled by default notice to documentation --- doc/security/rack_attack.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'doc') diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index c61729581e8..06b654a4a7a 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -9,6 +9,10 @@ In case you find throttling is not enough to protect you against abusive clients Rack Attack offers IP whitelisting, blacklisting, Fail2ban style filtering and tracking. +**Note:** Starting with 11.2, Rack Attack is disabled by default. To continue +using this feature, please enable it in your `gitlab.rb` by setting +`gitlab_rails['rack_attack_git_basic_auth'] = true`. + By default, user sign-in, user sign-up (if enabled), and user password reset is limited to 6 requests per minute. After trying for 6 times, the client will have to wait for the next minute to be able to try again. -- cgit v1.2.1
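
Review bot: The added note says Rack Attack is disabled by default starting with 11.2, but the unchanged paragraph directly after it still opens with "By default, user sign-in, user sign-up (if enabled), and user password reset is limited to 6 requests per minute", so the page now makes two conflicting "by default" statements back to back. A reader cannot tell whether the sign-in, sign-up and password-reset limits still apply on an installation that has not touched the setting, which matters for anyone who relies on them as brute-force protection after upgrading. The setting name `rack_attack_git_basic_auth` suggests it governs Git basic-auth handling rather than Rack Attack as a whole, so the note should say exactly which protections are off by default and which remain active, and the following paragraph should be reworded to match (for example "When enabled, ..." if those limits depend on the same setting). The note also covers only `gitlab.rb`; if other installation methods are affected by the same default change, say how to re-enable the feature there or link to the relevant section.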