Add rack attack configuration API to enable live spam fight
Description
We are having more and more SPAM, and it's getting expensive to deal with it from both the infra and the security perspective. The last days @briann has been basically login to redis manually to add banned ips to rack attach following this procedure.
This is cumbersome, slow, and error prone.
Proposal
I propose that we create an admin API to manage rack attack through it without even leaving the comfort of the infrastructure channel.
We don't need to have slash commands directly, because that would make it way harder, but just a single way of managing these operations live from the application, without having to change omnibus configuration and restart the application, simply because we just can't do it.
It would be awesome if we can also throttle users with this same endpoint, this way we can start punishing spammers without forcing them to go to a different ip and play whack-a-mole the whole night.
Links / references
- GitLab rack attack help: https://gitlab.com/help/security/rack_attack.md
- Rack attack runbook: https://gitlab.com/gitlab-com/runbooks/blob/master/howto/ban-an-IP-with-redis.md
- Rack attack supported behaviors: https://github.com/kickstarter/rack-attack#usage
cc/ @smcgivern @DouweM @stanhu @rspeicher @briann @northrup @omame