Skip to content

Skip Rack Attack rate limiting for container registry event API

Stan Hu requested to merge sh-avoid-rate-limit-container-registry-events into master

As seen in #327416 (closed), previously Rack Attack throttled /api/v4/container_registry_event/events, which then caused Rack Attack to rate limit on other unauthenticated requests, such as fetches to remote CI YAML files.

Since this is a trusted request from the Docker Registry, we can exempt this from our rate limiting. We now skip the request if the path starts with /api/v4/container_registry_event/.

Edited by Stan Hu

Merge request reports

Loading