Commit 209d0762db1522d395f9059befcd0c5b3c6336cc
1 parent
96b75b76
Update rack_attack gitlab-rails template
Showing
1 changed file
with
10 additions
and
2 deletions
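--- a/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
@@ -12,11 +12,19 @@ paths_to_be_protected = [
 "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
 "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
 "#{Rails.application.config.relative_url_root}/users",
-"#{Rails.application.config.relative_url_root}/users/confirmation"
+"#{Rails.application.config.relative_url_root}/users/confirmation",
+"#{Rails.application.config.relative_url_root}/unsubscribes/"
+
 ]
 
+# Create one big regular expression that matches strings starting with any of
+# the paths_to_be_protected.
+paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+
 unless Rails.env.test?
 Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
-req.ip if paths_to_be_protected.include?(req.path) && req.post?
+if req.post? && req.path =~ paths_regex
+req.ip
+end
 end
 end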
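Review bot: The new `paths_regex` matches any request path that merely starts with a protected entry, so the throttle now also covers sub-paths such as POST `/users/sign_in` or `/users/password` that the previous exact `include?` check did not; that is a deliberate widening of the rate limit and should be spelled out in the comment above `paths_regex`, e.g. `# Prefix match: every sub-path of a protected path is throttled as well (e.g. /users/sign_in).`. The `\A` anchor is the right choice for this, since `^` would match at any line start inside the path. In the throttle block the match result is never used, so `req.path.match?(paths_regex)` would avoid allocating MatchData and setting `$~` on every request, provided the bundled Ruby is 2.4 or newer. Note that `relative_url_root` is interpolated into every entry before escaping, so if it is ever set with a trailing slash the resulting prefixes contain `//` and will not match.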