Enable rack attack and add a throttle.

2013-09-24 23:12:31 +02:00 · 2013-09-24 23:12:31 +02:00 · c562d290ea
parent 66c7eedec7
commit c562d290ea
2 changed files with 6 additions and 0 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -77,5 +77,8 @@ module Gitlab
    # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
    #
    # config.relative_url_root = "/gitlab"
+
+    # Enable rack attack middleware
+    config.middleware.use Rack::Attack
  end
 end
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -0,0 +1,3 @@
+Rack::Attack.throttle('user logins, registration and password reset', limit: 6, period: 60.seconds) do |req|
+  req.ip if ["/users/password", "/users/sign_in", "/users"].include?(req.path) && req.post?
+end