diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
index 1d10a53d505d0c4f8d449bc45c6984b8ad3994a8..bc3234bf0b68d05f500d6149c6bb4efc19c2357f 100644
--- a/config/initializers/rack_attack.rb.example
+++ b/config/initializers/rack_attack.rb.example
@@ -7,7 +7,8 @@ paths_to_be_protected = [
   "#{Rails.application.config.relative_url_root}/users/sign_in",
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
-  "#{Rails.application.config.relative_url_root}/users"
+  "#{Rails.application.config.relative_url_root}/users",
+  "#{Rails.application.config.relative_url_root}/users/confirmation"
 ]
 
 unless Rails.env.test?