diff --git a/software/gitlab/gitlab-parameters.cfg b/software/gitlab/gitlab-parameters.cfg
index 92c6f8894aa37cbe2a0624aa705d20ea5013f08b..329fad94e6b7e1cfcfc430dfdece0b6f127a894e 100644
--- a/software/gitlab/gitlab-parameters.cfg
+++ b/software/gitlab/gitlab-parameters.cfg
@@ -13,6 +13,10 @@
 # db advanced
 configuration.db_pool                   = 10
 
+# rack-attack
+configuration.rate_limit_requests_per_period    = 10
+configuration.rate_limit_period                 = 60
+
 
 # unicorn advanced
 configuration.unicorn_worker_memory_limit_min   = 200*(1024**2)
diff --git a/software/gitlab/template/rack_attack.rb.in b/software/gitlab/template/rack_attack.rb.in
index 07bfc082cba2a950dffbce8cf12bac709c6bd0bb..072ec7c4bc7ca94b310a32228224944829b311c1 100644
--- a/software/gitlab/template/rack_attack.rb.in
+++ b/software/gitlab/template/rack_attack.rb.in
@@ -4,6 +4,8 @@
 # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
 # (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
 
+{% from 'macrolib.cfg.in' import cfg  with context %}
+
 # 1. Rename this file to rack_attack.rb
 # 2. Review the paths_to_be_protected and add any other path you need protecting
 #
@@ -24,7 +26,7 @@ paths_to_be_protected = [
 paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
 
 unless Rails.env.test?
-  Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
+  Rack::Attack.throttle('protected paths', limit: {{ cfg('rate_limit_requests_per_period') }}, period: {{ cfg('rate_limit_period') }}.seconds) do |req|
     if req.post? && req.path =~ paths_regex
       req.ip
     end