# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# 1. Rename this file to rack_attack.rb
# 2. Review the paths_to_be_protected and add any other path you need protecting
#
# Request paths whose POST traffic is rate limited below. Every entry is
# prefixed with the configured relative URL root.
url_root = Rails.application.config.relative_url_root
api_version = API::API.version
paths_to_be_protected = [
  "#{url_root}/users/password",
  "#{url_root}/users/sign_in",
  "#{url_root}/api/#{api_version}/session.json",
  "#{url_root}/api/#{api_version}/session",
  "#{url_root}/users",
  "#{url_root}/users/confirmation",
  "#{url_root}/unsubscribes/"
]

# Build one regular expression that matches any string starting with one of
# the protected paths. Each alternative is anchored at the start with \A and
# has no end anchor, so this is a prefix match: the "/users" entry, for
# example, also matches every longer path that begins with "/users".
prefix_patterns = paths_to_be_protected.map { |protected_path| /\A#{Regexp.escape(protected_path)}/ }
paths_regex = Regexp.union(prefix_patterns)

# The throttle is gated on the git_basic_auth 'enabled' setting of the
# rack_attack configuration and is never installed in the test environment.
# Switching that setting off therefore also removes the rate limit on the
# sign-in, password and session endpoints listed above.
rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']

if !Rails.env.test? && rack_attack_enabled
  # limit and period are filled in when this ERB template is rendered.
  Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
    # Only POST requests to a protected path are counted, keyed by req.ip;
    # every other request yields nil and is not tracked by this throttle.
    # NOTE(review): when a reverse proxy fronts the application, confirm that
    # req.ip resolves to the real client address; otherwise all clients share
    # a single counter.
    req.ip if req.post? && req.path =~ paths_regex
  end
end
iv authored
Like f6f97d72 - pristine copy from omnibus-gitlab 8.8.7+ce.1-0-g5116476

Changes are:
- gitlab.yml.erb: Add gitlab_default_projects_features_container_registry variable to be used by docker containers
- nginx.conf.erb: Docker related password storage https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1218 (commit f74472d4)
- rack_attack.rb.erb: Disable Rack Attack throttling if admin disables it in config file
- smtp_settings.rb.erb: If authentication is not enabled for smtp, don't place it in the config.

The following files stay the same:
- database.yml.erb
- gitconfig.erb
- gitlab-shell-config.yml.erb
- nginx-gitlab-http.conf.erb
- resque.yml.erb
- unicorn.rb.erb
5e227fdb