Enable rack attack and add a throttle.

Marin Jankovski
1 parent 66c7eede
Showing 2 changed files with 6 additions and 0 deletions Show diff stats
config/application.rb
config/initializers/rack_attack.rb
@@ -77,5 +77,8 @@ module Gitlab
     # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
     #
     # config.relative_url_root = "/gitlab"
+
+    # Enable rack attack middleware
+    config.middleware.use Rack::Attack
   end
 end
@@ -0,0 +1,3 @@
+Rack::Attack.throttle('user logins, registration and password reset', limit: 6, period: 60.seconds) do |req|
+  req.ip if ["/users/password", "/users/sign_in", "/users"].include?(req.path) && req.post?
+end
...	...	@@ -77,5 +77,8 @@ module Gitlab
77	77	# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
78	78	#
79	79	# config.relative_url_root = "/gitlab"
	80	+
	81	+ # Enable rack attack middleware
	82	+ config.middleware.use Rack::Attack
80	83	end
81	84	end
...	...
...	...	@@ -0,0 +1,3 @@
	1	+Rack::Attack.throttle('user logins, registration and password reset', limit: 6, period: 60.seconds) do \|req\|
	2	+ req.ip if ["/users/password", "/users/sign_in", "/users"].include?(req.path) && req.post?
	3	+end
...	...