Closed aphick closed 6 months ago
A @.***> writes:
Our instance was victim to a severe DoS attack this morning, with over 200,000 requests hitting
/git/en/log/
resulting in 100% CPU usage by thecgit
process. As a temporary workaround we have added the stanza below to block all requests to that endpoint. Could simply require adjustment to the Nginx config, but that should be documented somewhere.location /git { deny all; }
Well, that would cut legit user out as well.
There's an option in the admin to make the /git endpoint accessible to logged in only: "View history (CGIT)"
-- Marco
Our instance was victim to a severe DoS attack this morning, with over 200,000 requests hitting
/git/en/log/
resulting in 100% CPU usage by thecgit
process. As a temporary workaround we have added the stanza below to block all requests to that endpoint. Could simply require adjustment to the Nginx config, but that should be documented somewhere.