From c562d290eaab16f8e72e7e3e9ff188e172372226 Mon Sep 17 00:00:00 2001
From: Marin Jankovski
Date: Tue, 24 Sep 2013 23:12:31 +0200
Subject: [PATCH] Enable rack attack and add a throttle.
---
 config/application.rb | 3 +++
 config/initializers/rack_attack.rb | 3 +++
 2 files changed, 6 insertions(+), 0 deletions(-)
 create mode 100644 config/initializers/rack_attack.rb
diff --git a/config/application.rb b/config/application.rb
index 8ac07ef..6ddc870 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -77,5 +77,8 @@ module Gitlab
 # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
 #
 # config.relative_url_root = "/gitlab"
+
+ # Enable rack attack middleware
+ config.middleware.use Rack::Attack
 end
 end
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
new file mode 100644
index 0000000..88e638b
--- /dev/null
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,3 @@
+Rack::Attack.throttle('user logins, registration and password reset', limit: 6, period: 60.seconds) do |req|
+ req.ip if ["/users/password", "/users/sign_in", "/users"].include?(req.path) && req.post?
+end
--
libgit2 0.21.2
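Review bot: The middleware is mounted unconditionally, so the six-POSTs-per-minute limit from the new initializer also applies in the test environment, where every login request presumably comes from the same loopback address and specs that sign in repeatedly would start getting throttled responses. Consider `config.middleware.use Rack::Attack unless Rails.env.test?`, or guard the throttle definition the same way. The added comment only restates the call; something like `# Rack::Attack rate-limits POSTs to sign-in, registration and password reset (rules in config/initializers/rack_attack.rb)` tells the next reader where the policy lives. The enclosing class body starts outside the hunk, and the diffstat shows no Gemfile change, so the gem is assumed to be bundled already.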
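Review bot: The path check in the throttle block is an exact match against root-relative strings, so it looks like the limit silently stops applying when GitLab is served under a relative URL root. That is the setup the comments in `config/application.rb` describe, and there `req.path` would carry the `/gitlab` prefix. The same goes for equivalent spellings of the routes, such as a trailing slash or a format suffix. Building the list once from the configured root would cover the prefix case: `PROTECTED_PATHS = %w[/users/password /users/sign_in /users].map { |p| "#{Rails.application.config.relative_url_root}#{p}" }.freeze`, then `req.ip if req.post? && PROTECTED_PATHS.include?(req.path)`. Because the counter is keyed on `req.ip` alone, users behind one NAT or proxy share a single budget of six requests, and the address is only meaningful if the fronting proxy sets the forwarded headers correctly. A short comment stating those assumptions, plus a second throttle keyed on the submitted login, would make the limit harder to sidestep and easier to reason about.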