Note that, from issue 5245:
Rack Attack is new for 6-2 stable which will be released on 22rd of october.
That being said, read "doc/security/rack_attack.md
":
uncomment the line config.middleware.use Rack::Attack
in the config/application.rb
find isn't enough.
The other steps are:
- Rename
config/initializers/rack_attack.rb.example
toconfig/initializers/rack_attack.rb
- Review the
paths_to_be_protected
and add any other path you need protecting- Restart GitLab instance