OKR: Admin Area-Network/ Package Registry Rate Limits

app/views/admin/application_settings/_package_registry_limits.html.haml

@@ -2,36 +2,31 @@
   = form_errors(@application_setting)
 
   %fieldset
-    %h5
-      = _('Unauthenticated API request rate limit')
+    = _("The package registry rate limits can help reduce request volume (like from crawlers or abusive bots).")
+
+  %fieldset
     .form-group
       .form-check
         = f.check_box :throttle_unauthenticated_packages_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_unauthenticated_packages_api_checkbox' }
         = f.label :throttle_unauthenticated_packages_api_enabled, class: 'form-check-label label-bold' do
           = _('Enable unauthenticated API request rate limit')
-        %span.form-text.text-muted
-          = _('Helps reduce request volume (e.g. from crawlers or abusive bots)')
     .form-group
-      = f.label :throttle_unauthenticated_packages_api_requests_per_period, 'Max unauthenticated API requests per period per IP', class: 'label-bold'
+      = f.label :throttle_unauthenticated_packages_api_requests_per_period, _('Maximum unauthenticated API requests per rate limit period per IP'), class: 'label-bold'
       = f.number_field :throttle_unauthenticated_packages_api_requests_per_period, class: 'form-control gl-form-input'
     .form-group
-      = f.label :throttle_unauthenticated_packages_api_period_in_seconds, 'Unauthenticated API rate limit period in seconds', class: 'label-bold'
+      = f.label :throttle_unauthenticated_packages_api_period_in_seconds, _('Unauthenticated API rate limit period in seconds'), class: 'label-bold'
       = f.number_field :throttle_unauthenticated_packages_api_period_in_seconds, class: 'form-control gl-form-input'
     %hr
-    %h5
-      = _('Authenticated API request rate limit')
     .form-group
       .form-check
         = f.check_box :throttle_authenticated_packages_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_packages_api_checkbox' }
         = f.label :throttle_authenticated_packages_api_enabled, class: 'form-check-label label-bold' do
           = _('Enable authenticated API request rate limit')
-        %span.form-text.text-muted
-          = _('Helps reduce request volume (e.g. from crawlers or abusive bots)')
     .form-group
-      = f.label :throttle_authenticated_packages_api_requests_per_period, 'Max authenticated API requests per period per user', class: 'label-bold'
+      = f.label :throttle_authenticated_packages_api_requests_per_period, _('Maximum authenticated API requests per rate limit period per user'), class: 'label-bold'
       = f.number_field :throttle_authenticated_packages_api_requests_per_period, class: 'form-control gl-form-input'
     .form-group
-      = f.label :throttle_authenticated_packages_api_period_in_seconds, 'Authenticated API rate limit period in seconds', class: 'label-bold'
+      = f.label :throttle_authenticated_packages_api_period_in_seconds, _('Authenticated API rate limit period in seconds'), class: 'label-bold'
       = f.number_field :throttle_authenticated_packages_api_period_in_seconds, class: 'form-control gl-form-input'
 
   = f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }

app/views/admin/application_settings/network.html.haml

@@ -27,11 +27,12 @@
 %section.settings.as-packages-limits.no-animate#js-packages-limits-settings{ class: ('expanded' if expanded_by_default?), data: { qa_selector: 'packages_limits_content' } }
   .settings-header
     %h4
-      = _('Package Registry Rate Limits')
+      = _('Package registry rate limits')
     %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
-      = _('Configure specific limits for Packages API requests that supersede the general user and IP rate limits.')
+      = _('Set rate limits for package registry API requests that supersede the general user and IP rate limits.')
+      = link_to _('Learn more.'), help_page_path('user/admin_area/settings/package_registry_rate_limits.md'), target: '_blank', rel: 'noopener noreferrer'
   .settings-content
     = render 'package_registry_limits'
 - if Feature.enabled?(:files_api_throttling, default_enabled: :yaml)

doc/user/admin_area/settings/package_registry_rate_limits.md

@@ -7,28 +7,47 @@ type: reference
 
 # Package Registry Rate Limits **(FREE SELF)**
 
-Rate limiting is a common technique used to improve the security and durability of a web
-application. For more details, see [Rate limits](../../../security/rate_limits.md). General user and
-IP rate limits can be enforced from the top bar at
-**Menu > Admin > Settings > Network > User and IP rate limits**.
-For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
-
 With the [GitLab Package Registry](../../packages/package_registry/index.md),
 you can use GitLab as a private or public registry for a variety of common package managers. You can
 publish and share packages, which others can consume as a dependency in downstream projects through
 the [Packages API](../../../api/packages.md).
 
-When downloading such dependencies in downstream projects, many requests are made through the
-Packages API. You may therefore reach enforced user and IP rate limits. To address this issue, you
-can define specific rate limits for the Packages API in
-**Menu > Admin > Settings > Network > Package Registry Rate Limits**:
+If downstream projects frequently download such dependencies, many requests are made through the
+Packages API. You may therefore reach enforced [user and IP rate limits](user_and_ip_rate_limits.md).
+To address this issue, you can define specific rate limits for the Packages API:
+
+- [Unauthenticated requests (per IP)](#enable-unauthenticated-request-rate-limit-for-packages-api).
+- [Authenticated API requests (per user)](#enable-authenticated-api-request-rate-limit-for-packages-api).
+
+These limits are disabled by default.
+
+When enabled, they supersede the general user and IP rate limits for requests to
+the Packages API. You can therefore keep the general user and IP rate limits, and
+increase the rate limits for the Packages API. Besides this precedence, there is
+no difference in functionality compared to the general user and IP rate limits.
+
+## Enable unauthenticated request rate limit for packages API
+
+To enable the unauthenticated request rate limit:
+
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Settings > Network**, and expand **Package registry rate limits**.
+1. Select **Enable unauthenticated request rate limit**.
+
+   - Optional. Update the **Maximum unauthenticated requests per rate limit period per IP** value.
+     Defaults to `800`.
+   - Optional. Update the **Unauthenticated rate limit period in seconds** value.
+     Defaults to `15`.
+
+## Enable authenticated API request rate limit for packages API
 
-- Unauthenticated Packages API requests
-- Authenticated Packages API requests
+To enable the authenticated API request rate limit:
 
-These limits are disabled by default. When enabled, they supersede the general user and IP rate
-limits for requests to the Packages API. You can therefore keep the general user and IP rate limits,
-and increase (if necessary) the rate limits for the Packages API.
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Settings > Network**, and expand **Package registry rate limits**.
+1. Select **Enable authenticated API request rate limit**.
 
-Besides this precedence, there are no differences in functionality compared to the general user and
-IP rate limits. For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
+   - Optional. Update the **Maximum authenticated API requests per rate limit period per user** value.
+     Defaults to `1000`.
+   - Optional. Update the **Authenticated API rate limit period in seconds** value.
+     Defaults to `15`.

locale/gitlab.pot

@@ -8544,9 +8544,6 @@ msgstr ""
 msgid "Configure specific limits for Git LFS requests that supersede the general user and IP rate limits."
 msgstr ""
 
-msgid "Configure specific limits for Packages API requests that supersede the general user and IP rate limits."
-msgstr ""
-
 msgid "Configure the %{link} integration."
 msgstr ""
 
@@ -20777,6 +20774,9 @@ msgstr ""
 msgid "Maximum attachment size (MB)"
 msgstr ""
 
+msgid "Maximum authenticated API requests per rate limit period per user"
+msgstr ""
+
 msgid "Maximum bulk request size (MiB)"
 msgstr ""
 
@@ -20927,6 +20927,9 @@ msgstr ""
 msgid "Maximum time that users are allowed to skip the setup of two-factor authentication (in hours). Set to 0 (zero) to enforce at next sign in."
 msgstr ""
 
+msgid "Maximum unauthenticated API requests per rate limit period per IP"
+msgstr ""
+
 msgid "May"
 msgstr ""
 
@@ -23821,9 +23824,6 @@ msgstr ""
 msgid "Package Registry"
 msgstr ""
 
-msgid "Package Registry Rate Limits"
-msgstr ""
-
 msgid "Package Registry: authenticated API requests"
 msgstr ""
 
@@ -23842,6 +23842,9 @@ msgstr ""
 msgid "Package recipe already exists"
 msgstr ""
 
+msgid "Package registry rate limits"
+msgstr ""
+
 msgid "Package type"
 msgstr ""
 
@@ -30751,6 +30754,9 @@ msgstr ""
 msgid "Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan."
 msgstr ""
 
+msgid "Set rate limits for package registry API requests that supersede the general user and IP rate limits."
+msgstr ""
+
 msgid "Set severity"
 msgstr ""
 
@@ -33674,6 +33680,9 @@ msgstr ""
 msgid "The number of times an upload record could not find its file"
 msgstr ""
 
+msgid "The package registry rate limits can help reduce request volume (like from crawlers or abusive bots)."
+msgstr ""
+
 msgid "The page could not be displayed because it timed out."
 msgstr ""