Add webhook rate limits to rate limits page

1dd1b980 · Kati Paizee · b0ad78db · 1dd1b980 · 1dd1b980 · 1dd1b980
Commit 1dd1b980 authored Nov 03, 2021 by Kati Paizee
Showing with 10 additions and 3 deletions

doc/administration/get_started.md doc/administration/get_started.md +2 -2

doc/administration/instance_limits.md doc/administration/instance_limits.md +3 -0

doc/security/rate_limits.md doc/security/rate_limits.md +5 -1

No files found.
--- a/doc/administration/get_started.md
+++ b/doc/administration/get_started.md
@@ -231,7 +231,7 @@ Rate limits also improve the security of your application.

 ### Configure rate limits for self-managed GitLab

-You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#admin-area-settings).
+You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#configurable-limits).

 - Define [issues rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md) to set a maximum number of issue creation requests per minute, per user.
 - Enforce [user and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md) for unauthenticated web requests.
@@ -249,7 +249,7 @@ Rate limits also improve the security of your application.

 ### Configure rate limits for GitLab SaaS

-You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#admin-area-settings).
+You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#configurable-limits).

 - Review the rate limit page.
 - Read our [API page](../api/index.md) for more information about API and rate limiting.

--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -143,6 +143,9 @@ This only applies to project and group webhooks.

 Calls over the rate limit are logged into `auth.log`.

+To set this limit for a self-managed installation, run the following in the
+[GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session):
+
 ```ruby
 # If limits don't exist for the default plan, you can create one with:
 # Plan.default.create_limits!

--- a/doc/security/rate_limits.md
+++ b/doc/security/rate_limits.md
@@ -27,7 +27,7 @@ Most cases can be mitigated by limiting the rate of requests from a single IP ad
 Most [brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) are
 similarly mitigated by a rate limit.

-## Admin Area settings
+## Configurable limits

 You can set these rate limits in the Admin Area of your instance:

@@ -42,6 +42,10 @@ You can set these rate limits in the Admin Area of your instance:
 - [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md)
 - [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md)

+You can set these rate limits using the Rails console:
+
+- [Webhook rate limit](../administration/instance_limits.md#webhook-rate-limit)
+
 ## Failed authentication ban for Git and container registry

 GitLab returns HTTP status code `403` for 1 hour, if 30 failed authentication requests were received