diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 0e5bdcd9c79..c80f2f264b2 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md @@ -22,11 +22,12 @@ similarly mitigated by a rate limit. ## Admin Area settings -See -[User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md). +- [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md). +- [Rate limits on raw endpoints](../user/admin_area/settings/rate_limits_on_raw_endpoints.md) ## Rack Attack initializer This method of rate limiting is cumbersome, but has some advantages. It allows throttling of specific paths, and is also integrated into Git and container registry requests. See [Rack Attack initializer](rack_attack.md). + diff --git a/doc/user/admin_area/settings/img/rate_limits_on_raw_endpoints.png b/doc/user/admin_area/settings/img/rate_limits_on_raw_endpoints.png new file mode 100644 index 00000000000..c32eb93c8a8 Binary files /dev/null and b/doc/user/admin_area/settings/img/rate_limits_on_raw_endpoints.png differ diff --git a/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md b/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md new file mode 100644 index 00000000000..b2d56be154b --- /dev/null +++ b/doc/user/admin_area/settings/rate_limits_on_raw_endpoints.md 
@@ -0,0 +1,20 @@ +--- +type: reference +--- + +# Rate limits on raw endpoints **(CORE ONLY)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30829) in GitLab 12.2. + +This setting allows you to rate limit the requests to raw endpoints, defaults to `300` requests per minute. +It can be modified in **Admin Area > Network > Performance Optimization**. + +For example, requests over `300` per minute to `https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/controllers/application_controller.rb` will be blocked. + +![Rate limits on raw endpoints](img/rate_limits_on_raw_endpoints.png) + +This limit is: + +- Applied independently per project, per commit and per file path. +- Not applied per IP address. +- Active by default. To disable, set the option to `0`.
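Review bot: In the `## Admin Area settings` list of doc/security/rate_limits.md, the two new bullets are punctuated inconsistently: the `User and IP rate limits` item ends with a period and the `Rate limits on raw endpoints` item does not. Drop the trailing period from the first item or add one to the second. The hunk also appends an empty line after the Rack Attack paragraph at the end of the file, which looks unintended and can be dropped.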
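Review bot: In the new rate_limits_on_raw_endpoints.md, the `This limit is:` list says the counter is kept per project, per commit and per file path and is `Not applied per IP address`, but the page never spells out the consequence: every requester of the same file shares one budget, so a single client can use up the `300` requests per minute for everyone else. State that explicitly so administrators can choose the value with that in mind, and say what a blocked request receives (status code, and whether the client is told when to retry), since `will be blocked` leaves that open. The example URL uses the `master` ref while the limit is described as per commit; a sentence on how a branch ref maps to the counter would remove the ambiguity. Minor: `raw endpoints, defaults to` is a comma splice; split it into two sentences, for example `The default is 300 requests per minute.`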