Skip to content

G
gitlab-ce
Switch branch/tag
Find file Normal viewHistoryPermalink
rack_attack_git_basic_auth.rb 577 Bytes
Newer Older
Heinrich Lee Yu's avatar
Upgrade Rack Attack to 6.0.0  
Heinrich Lee Yu committed
1 2 3 
# Tell the Rack::Attack Rack middleware to maintain an IP blacklist.
# We update the blacklist in Gitlab::Auth::IpRateLimiter.
Rack::Attack.blocklist('Git HTTP Basic Auth') do |req|
Heinrich Lee Yu's avatar
Skip redis call when IP is whitelisted  
Heinrich Lee Yu committed
4 5 6 
  rate_limiter = Gitlab::Auth::IpRateLimiter.new(req.ip)

  next false if !rate_limiter.enabled? || rate_limiter.trusted_ip?
Stan Hu's avatar
Disable Rack Attack if admin disables it in config file  
Stan Hu committed
7
Heinrich Lee Yu's avatar
Upgrade Rack Attack to 6.0.0  
Heinrich Lee Yu committed
8 9 10 11 12 
  Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
    # This block only gets run if the IP was not already banned.
    # Return false, meaning that we do not see anything wrong with the
    # request at this time
    false
Jacob Vosmaer's avatar
Block Git HTTP Basic Auth after 10 failed attempts  
Jacob Vosmaer committed
13 14 
  end
end
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7