add note about not using KEYS in redis

parent 41576e3c
......@@ -86,6 +86,15 @@ worker$ /opt/gitlab/embedded/bin/redis-cli -h 10.0.0.1
This will ban the IP for 24 hours (86400 seconds) by storing the value "1" in the listed
key. Since this isn't a preferred method to blacklist a host it's best not to use a longer TTL.
`setex` is equivalent to `set <keyname> <keyvalue> ex <expiry_period_in_s>`
### Get currently banned IPs
DO NOT use `KEYS` for searching for keys on production, this will freeze the redis server for tens of seconds if not minutes.
Instead use:
```
/opt/gitlab/embedded/bin/redis-cli -a $REDIS_MASTER_AUTH -h 127.0.0.1 -p 6379 --scan --pattern 'cache:gitlab:rack::attack:allow2ban:ban:*'
```
### Should a block need to be removed
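Review bot: The added `--scan` command passes the password as `-a $REDIS_MASTER_AUTH`, which puts the secret in the process argument list where other local users can read it, and the variable is unquoted and never defined anywhere in the visible text. The neighbouring examples connect with `-h 10.0.0.1` and authenticate with `auth <password>` inside the session, so this line also breaks the document's own pattern by using `-h 127.0.0.1 -p 6379`. Suggest stating where `REDIS_MASTER_AUTH` comes from and which node the command is meant to run on, quoting the variable, and preferring a method that keeps the password off the command line (the `REDISCLI_AUTH` environment variable, where the bundled redis-cli supports it). It would also help to say in one sentence why `--scan` is safe where `KEYS` is not: it iterates with SCAN in small cursor-based batches instead of walking the whole keyspace in a single blocking call.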
......@@ -96,3 +105,10 @@ worker$ /opt/gitlab/embedded/bin/redis-cli -h 10.0.0.1
10.0.0.1:6379> auth <password>
10.0.0.1:6379> del cache:gitlab:rack::attack:allow2ban:ban:192.168.0.1
```
### Rack attack redis data structure
Banned ip addresses are stored as names of keys.
These keys are of type string.
Storing the value of "1" will block the ip address.
The namespaces used for storing those keys is `cache:gitlab:rack::attack:allow2ban:ban`
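Review bot: The new "Rack attack redis data structure" section says that storing the value "1" will block the IP address but does not mention expiry, while the text earlier in the file uses `setex` with 86400 seconds and advises against a longer TTL. A reader who takes this section on its own and writes the key with a plain `set` gets a ban that never expires. Suggest adding a line that ban keys should always be written with a TTL and pointing back to the `setex` example. Two wording points in the same hunk: "The namespaces used for storing those keys is" should be singular ("The namespace ... is"), and "ip" should be "IP" to match the existing "Get currently banned IPs" heading.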