Enforce rate limit per IP on /users/sign_up

Magdalena Frankiewicz requested to merge rate-limit-sign-up-endpoint into master

What does this MR do and why?

This MR enforces a rate limit per IP address on the /users/sign_up endpoint. This is to mitigate attempts to misuse the endpoint, for example to mass-discover usernames/emails in use. It refers to https://gitlab.com/gitlab-org/gitlab/-/issues/339151

Rollout issue for the feature flag: #349843 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Magdalena Frankiewicz
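
The per-IP limit described in this MR, sketched as a small Rack-style middleware. This is an added example, not the code from the merge request; the limit, the period, the in-memory store and the `enabled` hook standing in for the feature flag are all assumptions.

```ruby
# Added example: fixed-window, per-IP throttle for one path as Rack middleware.
# Limit, period, in-memory store and the `enabled` flag hook are assumptions.
class SignUpThrottle
  PATH = '/users/sign_up'

  def initialize(app, limit: 20, period: 60, enabled: -> { true }, clock: -> { Time.now.to_i })
    @app = app
    @limit = limit
    @period = period
    @enabled = enabled   # stands in for a feature-flag check
    @clock = clock       # injectable so the window logic is testable
    @hits = Hash.new(0)  # one process only; use a shared store across workers
    @mutex = Mutex.new
  end

  def call(env)
    return @app.call(env) unless @enabled.call && env['PATH_INFO'] == PATH

    now = @clock.call
    window = now / @period
    # REMOTE_ADDR is only the real client when set by trusted proxy handling;
    # never key on a raw client-supplied X-Forwarded-For value.
    key = [env['REMOTE_ADDR'], window]
    count = @mutex.synchronize do
      @hits.delete_if { |(_, w), _| w < window } # drop expired windows
      @hits[key] += 1
    end
    return @app.call(env) if count <= @limit

    retry_after = @period - (now % @period)
    [429, { 'content-type' => 'text/plain', 'retry-after' => retry_after.to_s },
     ["Too many requests\n"]]
  end
end

# Constructed request environment for exercising the middleware offline.
def sign_up_env(ip, path = SignUpThrottle::PATH)
  { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path, 'REMOTE_ADDR' => ip }
end
```

A fixed window allows a burst of up to twice the limit across a window boundary, and clients behind a shared NAT address share one counter.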
