Commit c562d290eaab16f8e72e7e3e9ff188e172372226

Authored by Marin Jankovski
1 parent 66c7eede

Enable rack attack and add a throttle.

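--- a/config/application.rb
+++ b/config/application.rb
@@ -77,5 +77,8 @@ module Gitlab
 # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
 #
 # config.relative_url_root = "/gitlab"
+
+ # Enable rack attack middleware
+ config.middleware.use Rack::Attack
 end
 end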
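Review bot: The added comment above `config.middleware.use Rack::Attack` does not say where the throttle rules or their counters live; something like `# Throttle rules: config/initializers/rack_attack.rb. Counters are kept in Rack::Attack.cache.store (Rails.cache unless overridden).` would make that clear. If Rails.cache is a per-process store in some deployment, each worker would presumably keep its own count and the effective limit would be a multiple of the configured one, so it is worth confirming the cache is shared between workers. The enclosing class body starts outside this hunk.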
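--- /dev/null
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,3 @@
+Rack::Attack.throttle('user logins, registration and password reset', limit: 6, period: 60.seconds) do |req|
+ req.ip if ["/users/password", "/users/sign_in", "/users"].include?(req.path) && req.post?
+end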
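Review bot: The throttle block compares `req.path` with three literal paths, so on an install served under a relative URL root (the `config.relative_url_root = "/gitlab"` case documented in config/application.rb) the request path would presumably carry that prefix and none of the entries would match, leaving the limit inactive. Consider building the list from the configured prefix, e.g. `prefix = Rails.application.config.relative_url_root.to_s` followed by `paths = %w[/users/password /users/sign_in /users].map { |p| prefix + p }`. The key is `req.ip`, which is only meaningful behind a reverse proxy if Rack reports the client address rather than the proxy's; otherwise every client shares one counter and six POSTs a minute would throttle all of them. A comment noting that the three endpoints share a single 6-per-60-seconds counter per IP would also help the next reader.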