Commit c8b2def2 authored by Jacob Vosmaer

Add more comments explaining how we block IPs

parent 4a389e76
unless Rails.env.test? unless Rails.env.test?
# Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will
# update the blacklist from Grack::Auth#authenticate_user.
Rack::Attack.blacklist('Git HTTP Basic Auth') do |req| Rack::Attack.blacklist('Git HTTP Basic Auth') do |req|
Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
# This block only gets run if the IP was not already banned. # This block only gets run if the IP was not already banned.
......
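Review bot: In the comment added above `Rack::Attack.blacklist('Git HTTP Basic Auth')`, "update the blacklist" is imprecise. Going by the comments in the Grack hunk, the other call site increments a per-IP Allow2Ban counter stored in Rails.cache rather than editing a list. I would reword it to say that failed logins are counted in Grack::Auth, and that the two call sites have to stay in sync: the same key (`req.ip` here, `@request.ip` there) and the same `Gitlab.config.rack_attack.git_basic_auth` settings. It is also worth stating in the comment that the enclosing `unless Rails.env.test?` means this blacklist is not registered in the test environment.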
...@@ -76,7 +76,10 @@ module Grack ...@@ -76,7 +76,10 @@ module Grack
return user if user.present? return user if user.present?
# At this point, we know the credentials were wrong. We let Rack::Attack # At this point, we know the credentials were wrong. We let Rack::Attack
# know there was a failed authentication attempt from this IP # know there was a failed authentication attempt from this IP. This
# information is stored in the Rails cache (Redis) and will be used by
# the Rack::Attack middleware to decide whether to block requests from
# this IP.
Rack::Attack::Allow2Ban.filter(@request.ip, Gitlab.config.rack_attack.git_basic_auth) do Rack::Attack::Allow2Ban.filter(@request.ip, Gitlab.config.rack_attack.git_basic_auth) do
# Return true, so that Allow2Ban increments the counter (stored in # Return true, so that Allow2Ban increments the counter (stored in
# Rails.cache) for the IP # Rails.cache) for the IP
......
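Review bot: The added comment lines pin the storage to "the Rails cache (Redis)", while the unchanged comment just below says only "Rails.cache". The parenthetical describes one cache backend and becomes misleading wherever the cache store is configured differently. Suggest dropping "(Redis)" or qualifying it, and naming the initializer that registers the 'Git HTTP Basic Auth' blacklist, so a reader of this file can find the other half of the mechanism the same way the initializer comment points back to Grack::Auth.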