Merge branch 'mk/remove-jwt-from-rate-limit-docs' into 'master'

Note CI token exception to JWT requests in rate limit docs See merge request gitlab-org/gitlab-ce!32168

Merge branch 'mk/remove-jwt-from-rate-limit-docs' into 'master'
Note CI token exception to JWT requests in rate limit docs See merge request gitlab-org/gitlab-ce!32168
fb276565 · Evan Read · 6262a91e · 8af8da09 · fb276565 · fb276565
Commit fb276565 authored Aug 28, 2019 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

doc/security/rack_attack.md doc/security/rack_attack.md +2 -0

doc/user/gitlab_com/index.md doc/user/gitlab_com/index.md +3 -1

No files found.
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -81,6 +81,8 @@ This limit is reset by requests that authenticate successfully. For example, 29
 failed authentication requests followed by 1 successful request, followed by 29
 more failed authentication requests would not trigger a ban.

+JWT requests authenticated by gitlab-ci-token are excluded from this limit.
+
 No response headers are provided.

 ## Settings

--- a/doc/user/gitlab_com/index.md
+++ b/doc/user/gitlab_com/index.md
@@ -314,7 +314,7 @@ Source:

 #### Git and container registry failed authentication ban

-GitLab.com responds with HTTP status code 403 for 1 hour, if 30 failed
+GitLab.com responds with HTTP status code `403` for 1 hour, if 30 failed
 authentication requests were received in a 3-minute period from a single IP address.

 This applies only to Git requests and container registry (`/jwt/auth`) requests
@@ -324,6 +324,8 @@ This limit is reset by requests that authenticate successfully. For example, 29
 failed authentication requests followed by 1 successful request, followed by 29
 more failed authentication requests would not trigger a ban.

+JWT requests authenticated by gitlab-ci-token are excluded from this limit.
+
 No response headers are provided.

 ### Admin Area settings