diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index 4ad5fd0d16c9fb736bc0d222c1ef82e1eaea89d9..09d29bf344668a863680ec43e3d6e087171b7cfc 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -77,11 +77,12 @@ authentication requests were received in a 3-minute period from a single IP addr This applies only to Git requests and container registry (`/jwt/auth`) requests (combined). -This limit is reset by requests that authenticate successfully. For example, 29 -failed authentication requests followed by 1 successful request, followed by 29 -more failed authentication requests would not trigger a ban. +This limit: -JWT requests authenticated by gitlab-ci-token are excluded from this limit. +- Is reset by requests that authenticate successfully. For example, 29 + failed authentication requests followed by 1 successful request, followed by 29 + more failed authentication requests would not trigger a ban. +- Does not apply to JWT requests authenticated by `gitlab-ci-token`. No response headers are provided. diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md index 8f1048260f2324448018b7433ebfe2bae2b7494b..72beb38fe76a71d2736781f30f0486d208d71cf7 100644 --- a/doc/user/gitlab_com/index.md +++ b/doc/user/gitlab_com/index.md 
@@ -320,11 +320,12 @@ authentication requests were received in a 3-minute period from a single IP addr This applies only to Git requests and container registry (`/jwt/auth`) requests (combined). -This limit is reset by requests that authenticate successfully. For example, 29 -failed authentication requests followed by 1 successful request, followed by 29 -more failed authentication requests would not trigger a ban. +This limit: -JWT requests authenticated by gitlab-ci-token are excluded from this limit. +- Is reset by requests that authenticate successfully. For example, 29 + failed authentication requests followed by 1 successful request, followed by 29 + more failed authentication requests would not trigger a ban. +- Does not apply to JWT requests authenticated by `gitlab-ci-token`. No response headers are provided.
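Review bot: The first new bullet in the doc/security/rack_attack.md hunk ("Is reset by requests that authenticate successfully") does not say whose success counts. The surrounding text describes the limit as counted per single IP address, so state whether any successful authentication from that IP resets the counter or only one for the same account as the failures. Administrators with many users behind one NAT or proxy address need that to judge how much protection the ban gives. The 29/1/29 example would also be easier to follow if the bullet restated the threshold it is measured against.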
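Review bot: The second new bullet in the doc/user/gitlab_com/index.md hunk, "Does not apply to JWT requests authenticated by `gitlab-ci-token`", leaves open whether failed requests that present `gitlab-ci-token` are also ignored or only successfully authenticated ones are. Suggest wording that names both cases, for example saying that such requests neither count toward the limit nor reset it, if that is the behaviour. The same two bullets are added verbatim to doc/security/rack_attack.md, so consider keeping the text in one file and linking to it from the other so the copies cannot drift.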