Fix Rack Attack documentation to reflect the feature being disabled by default

doc/security/rack_attack.md

@@ -14,8 +14,8 @@ limited to 6 requests per minute. After trying for 6 times, the client will
 have to wait for the next minute to be able to try again.
 
 If you installed or upgraded GitLab by following the [official guides](../install/README.md)
-this should be enabled by default. If your instance is not exposed to any incoming
-connections, it is recommended to disable Rack Attack.
+this should be disabled by default. If your instance is not exposed to any incoming
+connections, it is recommended to leave Rack Attack disabled.
 
 For more information on how to use these options check out
 [rack-attack README](https://github.com/kickstarter/rack-attack/blob/master/README.md).
@@ -45,7 +45,7 @@ For more information on how to use these options check out
 
 The following settings can be configured:
 
-- `enabled`: By default this is set to `true`. Set this to `false` to disable Rack Attack.
+- `enabled`: By default this is set to `false`. Set this to `true` to enable Rack Attack.
 - `ip_whitelist`: Whitelist any IPs from being blocked. They must be formatted as strings within a ruby array.
    For example, `["127.0.0.1", "127.0.0.2", "127.0.0.3"]`.
 - `maxretry`: The maximum amount of times a request can be made in the