Commit 965f3099 authored by Olena Horal-Koretska's avatar Olena Horal-Koretska

Merge branch '330221-admin-area-package-registry-rate-limits' into 'master'

OKR: Admin Area-Network/ Package Registry Rate Limits

See merge request gitlab-org/gitlab!70137
parents 0c561756 99d4fdea
......@@ -2,36 +2,31 @@
= form_errors(@application_setting)
%fieldset
%h5
= _('Unauthenticated API request rate limit')
= _("The package registry rate limits can help reduce request volume (like from crawlers or abusive bots).")
%fieldset
.form-group
.form-check
= f.check_box :throttle_unauthenticated_packages_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_unauthenticated_packages_api_checkbox' }
= f.label :throttle_unauthenticated_packages_api_enabled, class: 'form-check-label label-bold' do
= _('Enable unauthenticated API request rate limit')
%span.form-text.text-muted
= _('Helps reduce request volume (e.g. from crawlers or abusive bots)')
.form-group
= f.label :throttle_unauthenticated_packages_api_requests_per_period, 'Max unauthenticated API requests per period per IP', class: 'label-bold'
= f.label :throttle_unauthenticated_packages_api_requests_per_period, _('Maximum unauthenticated API requests per rate limit period per IP'), class: 'label-bold'
= f.number_field :throttle_unauthenticated_packages_api_requests_per_period, class: 'form-control gl-form-input'
.form-group
= f.label :throttle_unauthenticated_packages_api_period_in_seconds, 'Unauthenticated API rate limit period in seconds', class: 'label-bold'
= f.label :throttle_unauthenticated_packages_api_period_in_seconds, _('Unauthenticated API rate limit period in seconds'), class: 'label-bold'
= f.number_field :throttle_unauthenticated_packages_api_period_in_seconds, class: 'form-control gl-form-input'
%hr
%h5
= _('Authenticated API request rate limit')
.form-group
.form-check
= f.check_box :throttle_authenticated_packages_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_packages_api_checkbox' }
= f.label :throttle_authenticated_packages_api_enabled, class: 'form-check-label label-bold' do
= _('Enable authenticated API request rate limit')
%span.form-text.text-muted
= _('Helps reduce request volume (e.g. from crawlers or abusive bots)')
.form-group
= f.label :throttle_authenticated_packages_api_requests_per_period, 'Max authenticated API requests per period per user', class: 'label-bold'
= f.label :throttle_authenticated_packages_api_requests_per_period, _('Maximum authenticated API requests per rate limit period per user'), class: 'label-bold'
= f.number_field :throttle_authenticated_packages_api_requests_per_period, class: 'form-control gl-form-input'
.form-group
= f.label :throttle_authenticated_packages_api_period_in_seconds, 'Authenticated API rate limit period in seconds', class: 'label-bold'
= f.label :throttle_authenticated_packages_api_period_in_seconds, _('Authenticated API rate limit period in seconds'), class: 'label-bold'
= f.number_field :throttle_authenticated_packages_api_period_in_seconds, class: 'form-control gl-form-input'
= f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
......@@ -27,11 +27,12 @@
%section.settings.as-packages-limits.no-animate#js-packages-limits-settings{ class: ('expanded' if expanded_by_default?), data: { qa_selector: 'packages_limits_content' } }
.settings-header
%h4
= _('Package Registry Rate Limits')
= _('Package registry rate limits')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= expanded_by_default? ? _('Collapse') : _('Expand')
%p
= _('Configure specific limits for Packages API requests that supersede the general user and IP rate limits.')
= _('Set rate limits for package registry API requests that supersede the general user and IP rate limits.')
= link_to _('Learn more.'), help_page_path('user/admin_area/settings/package_registry_rate_limits.md'), target: '_blank', rel: 'noopener noreferrer'
.settings-content
= render 'package_registry_limits'
- if Feature.enabled?(:files_api_throttling, default_enabled: :yaml)
......
......@@ -7,28 +7,47 @@ type: reference
# Package Registry Rate Limits **(FREE SELF)**
Rate limiting is a common technique used to improve the security and durability of a web
application. For more details, see [Rate limits](../../../security/rate_limits.md). General user and
IP rate limits can be enforced from the top bar at
**Menu > Admin > Settings > Network > User and IP rate limits**.
For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
With the [GitLab Package Registry](../../packages/package_registry/index.md),
you can use GitLab as a private or public registry for a variety of common package managers. You can
publish and share packages, which others can consume as a dependency in downstream projects through
the [Packages API](../../../api/packages.md).
When downloading such dependencies in downstream projects, many requests are made through the
Packages API. You may therefore reach enforced user and IP rate limits. To address this issue, you
can define specific rate limits for the Packages API in
**Menu > Admin > Settings > Network > Package Registry Rate Limits**:
If downstream projects frequently download such dependencies, many requests are made through the
Packages API. You may therefore reach enforced [user and IP rate limits](user_and_ip_rate_limits.md).
To address this issue, you can define specific rate limits for the Packages API:
- [Unauthenticated requests (per IP)](#enable-unauthenticated-request-rate-limit-for-packages-api).
- [Authenticated API requests (per user)](#enable-authenticated-api-request-rate-limit-for-packages-api).
These limits are disabled by default.
When enabled, they supersede the general user and IP rate limits for requests to
the Packages API. You can therefore keep the general user and IP rate limits, and
increase the rate limits for the Packages API. Besides this precedence, there is
no difference in functionality compared to the general user and IP rate limits.
## Enable unauthenticated request rate limit for packages API
To enable the unauthenticated request rate limit:
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Settings > Network**, and expand **Package registry rate limits**.
1. Select **Enable unauthenticated request rate limit**.
- Optional. Update the **Maximum unauthenticated requests per rate limit period per IP** value.
Defaults to `800`.
- Optional. Update the **Unauthenticated rate limit period in seconds** value.
Defaults to `15`.
## Enable authenticated API request rate limit for packages API
- Unauthenticated Packages API requests
- Authenticated Packages API requests
To enable the authenticated API request rate limit:
These limits are disabled by default. When enabled, they supersede the general user and IP rate
limits for requests to the Packages API. You can therefore keep the general user and IP rate limits,
and increase (if necessary) the rate limits for the Packages API.
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Settings > Network**, and expand **Package registry rate limits**.
1. Select **Enable authenticated API request rate limit**.
Besides this precedence, there are no differences in functionality compared to the general user and
IP rate limits. For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
- Optional. Update the **Maximum authenticated API requests per rate limit period per user** value.
Defaults to `1000`.
- Optional. Update the **Authenticated API rate limit period in seconds** value.
Defaults to `15`.
......@@ -8544,9 +8544,6 @@ msgstr ""
msgid "Configure specific limits for Git LFS requests that supersede the general user and IP rate limits."
msgstr ""
msgid "Configure specific limits for Packages API requests that supersede the general user and IP rate limits."
msgstr ""
msgid "Configure the %{link} integration."
msgstr ""
......@@ -20777,6 +20774,9 @@ msgstr ""
msgid "Maximum attachment size (MB)"
msgstr ""
msgid "Maximum authenticated API requests per rate limit period per user"
msgstr ""
msgid "Maximum bulk request size (MiB)"
msgstr ""
......@@ -20927,6 +20927,9 @@ msgstr ""
msgid "Maximum time that users are allowed to skip the setup of two-factor authentication (in hours). Set to 0 (zero) to enforce at next sign in."
msgstr ""
msgid "Maximum unauthenticated API requests per rate limit period per IP"
msgstr ""
msgid "May"
msgstr ""
......@@ -23821,9 +23824,6 @@ msgstr ""
msgid "Package Registry"
msgstr ""
msgid "Package Registry Rate Limits"
msgstr ""
msgid "Package Registry: authenticated API requests"
msgstr ""
......@@ -23842,6 +23842,9 @@ msgstr ""
msgid "Package recipe already exists"
msgstr ""
msgid "Package registry rate limits"
msgstr ""
msgid "Package type"
msgstr ""
......@@ -30751,6 +30754,9 @@ msgstr ""
msgid "Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan."
msgstr ""
msgid "Set rate limits for package registry API requests that supersede the general user and IP rate limits."
msgstr ""
msgid "Set severity"
msgstr ""
......@@ -33674,6 +33680,9 @@ msgstr ""
msgid "The number of times an upload record could not find its file"
msgstr ""
msgid "The package registry rate limits can help reduce request volume (like from crawlers or abusive bots)."
msgstr ""
msgid "The page could not be displayed because it timed out."
msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment