Merge branch 'update-rack-attack-deprecation-note-in-docs' into 'master'

Adds rack attack disabled by default notice to documentation See merge request gitlab-org/gitlab-ce!20833

Merge branch 'update-rack-attack-deprecation-note-in-docs' into 'master'
Adds rack attack disabled by default notice to documentation See merge request gitlab-org/gitlab-ce!20833
9aa07a7e · Douwe Maan · cd03a8ad · f0f285ef · 9aa07a7e
Commit 9aa07a7e authored Jul 25, 2018 by Douwe Maan
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

doc/security/rack_attack.md doc/security/rack_attack.md +4 -0

No files found.
--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
@@ -9,6 +9,10 @@ In case you find throttling is not enough to protect you against abusive clients
 Rack Attack offers IP whitelisting, blacklisting, Fail2ban style filtering and
 tracking.

+**Note:** Starting with 11.2, Rack Attack is disabled by default. To continue
+using this feature, please enable it in your `gitlab.rb` by setting 
+`gitlab_rails['rack_attack_git_basic_auth'] = true`.
+
 By default, user sign-in, user sign-up (if enabled), and user password reset is
 limited to 6 requests per minute. After trying for 6 times, the client will
 have to wait for the next minute to be able to try again.