Commit 0024362d authored by Evan Read

Merge branch 'kpaizee-webhook-rate-limits' into 'master'

Add webhook rate limits to rate limits page

See merge request gitlab-org/gitlab!73689
parents 5d71ad08 1dd1b980
...@@ -231,7 +231,7 @@ Rate limits also improve the security of your application. ...@@ -231,7 +231,7 @@ Rate limits also improve the security of your application.
### Configure rate limits for self-managed GitLab ### Configure rate limits for self-managed GitLab
You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#admin-area-settings). You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#configurable-limits).
- Define [issues rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md) to set a maximum number of issue creation requests per minute, per user. - Define [issues rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md) to set a maximum number of issue creation requests per minute, per user.
- Enforce [user and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md) for unauthenticated web requests. - Enforce [user and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md) for unauthenticated web requests.
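Review bot: the link text "Admin Area page" and the lead sentence "from the Admin Area" in the self-managed section no longer match the link target, because `#configurable-limits` now also lists a limit that is set from the Rails console rather than the Admin Area. Consider changing the link text to something like "configurable limits" so readers are not told that every limit in that section is an Admin Area setting.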
...@@ -249,7 +249,7 @@ Rate limits also improve the security of your application. ...@@ -249,7 +249,7 @@ Rate limits also improve the security of your application.
### Configure rate limits for GitLab SaaS ### Configure rate limits for GitLab SaaS
You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#admin-area-settings). You can make changes to your default rate limits from the Admin Area. For more information about configuration, see the [Admin Area page](../security/rate_limits.md#configurable-limits).
- Review the rate limit page. - Review the rate limit page.
- Read our [API page](../api/index.md) for more information about API and rate limiting. - Read our [API page](../api/index.md) for more information about API and rate limiting.
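Review bot: in the GitLab SaaS section the updated link now lands on a section that includes the webhook rate limit, which the instance limits page in this same commit documents as something to set "for a self-managed installation" from the Rails console. Consider marking that list entry as self-managed only, or adding a qualifying sentence here, so SaaS readers are not pointed at a procedure that is documented only for self-managed installations.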
......
...@@ -143,6 +143,9 @@ This only applies to project and group webhooks. ...@@ -143,6 +143,9 @@ This only applies to project and group webhooks.
Calls over the rate limit are logged into `auth.log`. Calls over the rate limit are logged into `auth.log`.
To set this limit for a self-managed installation, run the following in the
[GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session):
```ruby ```ruby
# If limits don't exist for the default plan, you can create one with: # If limits don't exist for the default plan, you can create one with:
# Plan.default.create_limits! # Plan.default.create_limits!
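Review bot: the added lead-in "To set this limit for a self-managed installation" does not say what the setting is applied to, while the code block that follows works on `Plan.default`. Naming the default plan in the sentence would tell an administrator the scope of the change before they run anything in the Rails console. It would also help to point back to `auth.log`, mentioned on the preceding line, as the place to confirm the limit is being enforced after the change.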
......
...@@ -27,7 +27,7 @@ Most cases can be mitigated by limiting the rate of requests from a single IP ad ...@@ -27,7 +27,7 @@ Most cases can be mitigated by limiting the rate of requests from a single IP ad
Most [brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) are Most [brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) are
similarly mitigated by a rate limit. similarly mitigated by a rate limit.
## Admin Area settings ## Configurable limits
You can set these rate limits in the Admin Area of your instance: You can set these rate limits in the Admin Area of your instance:
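Review bot: renaming the heading from "Admin Area settings" to "Configurable limits" changes its anchor, and the only inbound links visibly updated in this commit are the two that now point to `#configurable-limits`. Check the rest of the docs for remaining references to `rate_limits.md#admin-area-settings` before merging, as they would no longer resolve to this section.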
...@@ -42,6 +42,10 @@ You can set these rate limits in the Admin Area of your instance: ...@@ -42,6 +42,10 @@ You can set these rate limits in the Admin Area of your instance:
- [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md) - [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md)
- [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md) - [Deprecated API rate limits](../user/admin_area/settings/deprecated_api_rate_limits.md)
You can set these rate limits using the Rails console:
- [Webhook rate limit](../administration/instance_limits.md#webhook-rate-limit)
## Failed authentication ban for Git and container registry ## Failed authentication ban for Git and container registry
GitLab returns HTTP status code `403` for 1 hour, if 30 failed authentication requests were received GitLab returns HTTP status code `403` for 1 hour, if 30 failed authentication requests were received
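Review bot: the new lead-in "You can set these rate limits using the Rails console:" is plural but introduces a single item, and it drops the scope given on the linked page (self-managed installations, project and group webhooks only). Suggest "You can set this rate limit using the Rails console:" and adding the self-managed qualifier to the list entry.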
......