Commit 379bdf7c authored by Marcia Ramos's avatar Marcia Ramos

Merge branch 'john-mason-master-patch-43837' into 'master'

Change management issue for `prevent_abusive_searches` feature flag

See merge request gitlab-org/gitlab!76892
parents 79f66000 0d0159cb
...@@ -140,3 +140,28 @@ its performance: ...@@ -140,3 +140,28 @@ its performance:
| Issues | `global_search_issues_tab` | When enabled, the global search includes issues as part of the search. | | Issues | `global_search_issues_tab` | When enabled, the global search includes issues as part of the search. |
| Merge Requests | `global_search_merge_requests_tab` | When enabled, the global search includes merge requests as part of the search. | | Merge Requests | `global_search_merge_requests_tab` | When enabled, the global search includes merge requests as part of the search. |
| Wiki | `global_search_wiki_tab` | When enabled, the global search includes wiki as part of the search. [Group wikis](../project/wiki/group.md) are not included. | | Wiki | `global_search_wiki_tab` | When enabled, the global search includes wiki as part of the search. [Group wikis](../project/wiki/group.md) are not included. |
## Global Search validation
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346263) in GitLab 14.6 [with a flag](../../administration/feature_flags.md) named `prevent_abusive_searches`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available,
ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `prevent_abusive_searches`.
The feature is not ready for production use.
To prevent abusive searches, such as searches that may result in a Distributed Denial of Service (DDoS), Global Search ignores, logs, and
doesn't return any results for searches considered abusive according to the following criteria, if `prevent_abusive_searches` feature flag is enabled:
- Searches with less than 2 characters.
- Searches with any term greater than 100 characters. URL search terms have a maximum of 200 characters.
- Searches with a stop word as the only term (ie: "the", "and", "if", etc.).
- Searches with a `group_id` or `project_id` parameter that is not completely numeric.
- Searches with a `repository_ref` or `project_ref` parameter that has special characters not allowed by [Git refname](https://git-scm.com/docs/git-check-ref-format).
- Searches with a `scope` that is unknown.
Regardless of the status of the `prevent_abusive_searches` feature flag, searches that don't
comply with the criteria described below aren't logged as abusive but are flagged with an error:
- Searches with more than 4096 characters.
- Searches with more than 64 terms.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment