diff --git a/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb b/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
index 3e17bb8..2402c0c 100644
--- a/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
@@ -12,11 +12,19 @@ paths_to_be_protected = [
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
   "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
   "#{Rails.application.config.relative_url_root}/users",
-  "#{Rails.application.config.relative_url_root}/users/confirmation"
+  "#{Rails.application.config.relative_url_root}/users/confirmation",
+  "#{Rails.application.config.relative_url_root}/unsubscribes/"
+
 ]
 
+# Create one big regular expression that matches strings starting with any of
+# the paths_to_be_protected.
+paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+
 unless Rails.env.test?
   Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
-    req.ip if paths_to_be_protected.include?(req.path) && req.post?
+    if req.post? && req.path =~ paths_regex
+      req.ip
+    end
   end
 end
--
libgit2 0.21.2