From 54b38529be226f9cdcaf76a1b0d790f5a8a2c3bc Mon Sep 17 00:00:00 2001 From: Tiago Botelho Date: Thu, 25 Jan 2018 12:34:57 +0000 Subject: [PATCH] Fix Rack Attack documentation to reflect the feature being disabled by default --- doc/security/rack_attack.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index c61729581e8..4d1e157031c 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -14,8 +14,8 @@ limited to 6 requests per minute. After trying for 6 times, the client will have to wait for the next minute to be able to try again. If you installed or upgraded GitLab by following the [official guides](../install/README.md) -this should be enabled by default. If your instance is not exposed to any incoming -connections, it is recommended to disable Rack Attack. +this should be disabled by default. If your instance is not exposed to any incoming +connections, it is recommended to leave Rack Attack disabled. For more information on how to use these options check out [rack-attack README](https://github.com/kickstarter/rack-attack/blob/master/README.md). @@ -45,7 +45,7 @@ For more information on how to use these options check out The following settings can be configured: -- `enabled`: By default this is set to `true`. Set this to `false` to disable Rack Attack. +- `enabled`: By default this is set to `false`. Set this to `true` to enable Rack Attack. - `ip_whitelist`: Whitelist any IPs from being blocked. They must be formatted as strings within a ruby array. For example, `["127.0.0.1", "127.0.0.2", "127.0.0.3"]`. - `maxretry`: The maximum amount of times a request can be made in the