diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index 824fc9b4..5c79d32e 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -404,19 +404,19 @@ production: &base
 rack_attack:
 git_basic_auth:
 # Rack Attack IP banning enabled
- # enabled: true
+ enabled: {{RACK_ATTACK_ENABLED}}
 #
 # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
- # ip_whitelist: ["127.0.0.1"]
+ ip_whitelist: [{{RACK_ATTACK_WHITELIST}}]
 #
 # Limit the number of Git HTTP authentication attempts per IP
- # maxretry: 10
+ maxretry: {{RACK_ATTACK_MAXRETRY}}
 #
 # Reset the auth attempt counter per IP after 60 seconds
- # findtime: 60
+ findtime: {{RACK_ATTACK_FINDTIME}}
 #
 # Ban an IP for one hour (3600s) after too many auth attempts
- # bantime: 3600
+ bantime: {{RACK_ATTACK_BANTIME}}
 
 development:
 <<: *base
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index 0f1c549c..12f44fdc 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -240,3 +240,10 @@ GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}
 ### PIWIK
 PIWIK_URL=${PIWIK_URL:-}
 PIWIK_SITE_ID=${PIWIK_SITE_ID:-}
+
+## RACK ATTACK
+RACK_ATTACK_ENABLED=${RACK_ATTACK_ENABLED:-true}
+RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST:-"127.0.0.1"}
+RACK_ATTACK_MAXRETRY=${RACK_ATTACK_MAXRETRY:-10}
+RACK_ATTACK_FINDTIME=${RACK_ATTACK_FINDTIME:-60}
+RACK_ATTACK_BANTIME=${RACK_ATTACK_BANTIME:-3600}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 7f4505fa..3cd0a597 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
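Review bot: In the gitlab.yml hunk, `ip_whitelist: [{{RACK_ATTACK_WHITELIST}}]` splices the raw environment value into a YAML flow sequence with no quoting, and the quotes in the env-defaults default `${RACK_ATTACK_WHITELIST:-"127.0.0.1"}` are consumed by the shell, so the rendered entry is the bare scalar `127.0.0.1` rather than the `"127.0.0.1"` of the commented sample it replaces. Every address in this list is exempt from the Git basic-auth ban, so an entry that parses differently from what the operator meant (an IPv6 literal or a value containing YAML indicator characters is the likely case) silently changes who the limit applies to. The expected format is not documented anywhere in the change; I would add a comment above the key such as `# RACK_ATTACK_WHITELIST: comma-separated, each address double-quoted, e.g. "127.0.0.1","192.0.2.10" (sample values)` and change the default to `RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST:-'"127.0.0.1"'}` so the quotes survive. The `enabled`, `maxretry`, `findtime` and `bantime` placeholders are likewise written unvalidated, so a non-boolean or non-numeric value reaches GitLab as a string.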
@@ -584,6 +584,14 @@ gitlab_configure_analytics() {
 gitlab_configure_analytics_piwik
 }
 
+gitlab_configure_rack_attack() {
+ exec_as_git sid -i 's|{{RACK_ATTACK_ENABLED}}|'"${RACK_ATTACK_ENABLED}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sid -i 's|{{RACK_ATTACK_WHITELIST}}|'"${RACK_ATTACK_WHITELIST}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sid -i 's|{{RACK_ATTACK_MAXRETRY}}|'"${RACK_ATTACK_MAXRETRY}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sid -i 's|{{RACK_ATTACK_FINDTIME}}|'"${RACK_ATTACK_FINDTIME}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sid -i 's|{{RACK_ATTACK_BANTIME}}|'"${RACK_ATTACK_BANTIME}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+}
+
 gitlab_configure_ci() {
 echo "Configuring gitlab::ci..."
 exec_as_git sed -i 's|{{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}|'"${GITLAB_NOTIFY_ON_BROKEN_BUILDS}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
@@ -922,6 +930,7 @@ configure_gitlab() {
 gitlab_configure_ldap
 gitlab_configure_gravatar
 gitlab_configure_analytics
+ gitlab_configure_rack_attack
 gitlab_configure_backups
 }
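Review bot: All five substitutions in `gitlab_configure_rack_attack` invoke `sid` rather than `sed` (compare `exec_as_git sed -i` in `gitlab_configure_ci` directly below), and each expansion is written `"${RACK_ATTACK_…}}"` with a second closing brace that the shell keeps as a literal `}`. As written the command is presumably not found and the `{{RACK_ATTACK_*}}` placeholders stay in gitlab.yml; with only the command name corrected, every value would be rendered with a trailing brace, e.g. `maxretry: 10}`. Either way the Git HTTP auth throttle is not configured as the operator intended. Each line should follow the form `exec_as_git sed -i 's|{{RACK_ATTACK_ENABLED}}|'"${RACK_ATTACK_ENABLED}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml`, with the same two corrections on the WHITELIST, MAXRETRY, FINDTIME and BANTIME lines. A leading `echo "Configuring gitlab::rack_attack..."` would match `gitlab_configure_ci` and make a failure here visible in the startup log.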