Commit f13da91936ede8b39c585db68e6ca1a96d579e4b
Exists in
master
and in
2 other branches
Merge branch 'template/rack_attack' into 'master'
Update rack_attack gitlab-rails template See merge request !190
Showing
1 changed file
with
10 additions
and
2 deletions
Show diff stats
files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
| @@ -12,11 +12,19 @@ paths_to_be_protected = [ | @@ -12,11 +12,19 @@ paths_to_be_protected = [ | ||
| 12 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", | 12 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", |
| 13 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", | 13 | "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", |
| 14 | "#{Rails.application.config.relative_url_root}/users", | 14 | "#{Rails.application.config.relative_url_root}/users", |
| 15 | - "#{Rails.application.config.relative_url_root}/users/confirmation" | 15 | + "#{Rails.application.config.relative_url_root}/users/confirmation", |
| 16 | + "#{Rails.application.config.relative_url_root}/unsubscribes/" | ||
| 17 | + | ||
| 16 | ] | 18 | ] |
| 17 | 19 | ||
| 20 | +# Create one big regular expression that matches strings starting with any of | ||
| 21 | +# the paths_to_be_protected. | ||
| 22 | +paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) | ||
| 23 | + | ||
| 18 | unless Rails.env.test? | 24 | unless Rails.env.test? |
| 19 | Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req| | 25 | Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req| |
| 20 | - req.ip if paths_to_be_protected.include?(req.path) && req.post? | 26 | + if req.post? && req.path =~ paths_regex |
| 27 | + req.ip | ||
| 28 | + end | ||
| 21 | end | 29 | end |
| 22 | end | 30 | end |