diff --git a/software/gitlab/gitlab-parameters.cfg b/software/gitlab/gitlab-parameters.cfg index 92c6f8894aa37cbe2a0624aa705d20ea5013f08b..329fad94e6b7e1cfcfc430dfdece0b6f127a894e 100644 --- a/software/gitlab/gitlab-parameters.cfg +++ b/software/gitlab/gitlab-parameters.cfg @@ -13,6 +13,10 @@ # db advanced configuration.db_pool = 10 +# rack-attack +configuration.rate_limit_requests_per_period = 10 +configuration.rate_limit_period = 60 + # unicorn advanced configuration.unicorn_worker_memory_limit_min = 200*(1024**2) diff --git a/software/gitlab/template/rack_attack.rb.in b/software/gitlab/template/rack_attack.rb.in index 07bfc082cba2a950dffbce8cf12bac709c6bd0bb..072ec7c4bc7ca94b310a32228224944829b311c1 100644 --- a/software/gitlab/template/rack_attack.rb.in +++ b/software/gitlab/template/rack_attack.rb.in @@ -4,6 +4,8 @@ # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb # (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093) +{% from 'macrolib.cfg.in' import cfg with context %} + # 1. Rename this file to rack_attack.rb # 2. Review the paths_to_be_protected and add any other path you need protecting # @@ -24,7 +26,7 @@ paths_to_be_protected = [ paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) unless Rails.env.test? - Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req| + Rack::Attack.throttle('protected paths', limit: {{ cfg('rate_limit_requests_per_period') }}, period: {{ cfg('rate_limit_period') }}.seconds) do |req| if req.post? && req.path =~ paths_regex req.ip end