Add docs for rate limiter on raw endpoints

The section was included on security/raw_limits and on the admin area
settings.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717

doc/security/rate_limits.md

@@ -22,11 +22,12 @@ similarly mitigated by a rate limit.
 
 ## Admin Area settings
 
-See
-[User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md).
+- [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md).
+- [Rate limits on raw endpoints](../user/admin_area/settings/rate_limits_on_raw_endpoints.md)
 
 ## Rack Attack initializer
 
 This method of rate limiting is cumbersome, but has some advantages. It allows
 throttling of specific paths, and is also integrated into Git and container
 registry requests. See [Rack Attack initializer](rack_attack.md).
+

doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md

@@ -0,0 +1,20 @@
+---
+type: reference
+---
+
+# Rate limits on raw endpoints **(CORE ONLY)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30829) in GitLab 12.2.
+
+This setting allows you to rate limit the requests to raw endpoints, defaults to `300` requests per minute. 
+It can be modified in **Admin Area > Network > Performance Optimization**.
+
+For example, requests over `300` per minute to `https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/controllers/application_controller.rb` will be blocked.
+
+![Rate limits on raw endpoints](img/rate_limits_on_raw_endpoints.png)
+
+This limit is:
+
+- Applied independently per project, per commit and per file path.
+- Not applied per IP address.
+- Active by default. To disable, set the option to `0`.