Disable protected path throttling by default (!19185) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-change-throttle-protected-paths-default into master Oct 26, 2019

In GitLab 11.0 (see gitlab-foss#40973 (closed) and omnibus-gitlab!2237 (merged)), we disabled Rack Attack by default in Omnibus.

We inadvertently enabled them by default in GitLab 12.4 via !16463 (merged). This commit introduces a database migration to restore the default to off.

Because we already set the default value to true in the previous migration, this feature was switched on inadvertently in GitLab 12.4. This migration toggles it back off to ensure we don't inadvertently block legitimate users. The admin will have to re-enable it in the application settings.

Closes #34212 (closed)

Edited Oct 26, 2019 by Stan Hu

Disable protected path throttling by default

Merge request reports