White-list requests from 127.0.0.1

On some misconfigured GitLab servers, if you look in production.log it looks like all requests come from 127.0.0.1. To avoid unwanted banning we white-list 127.0.0.1 with this commit.
author: Jacob Vosmaer <contact@jacobvosmaer.nl> 2015-01-06 18:56:56 +0300
committer: Jacob Vosmaer <contact@jacobvosmaer.nl> 2015-01-06 18:56:56 +0300
commit: af56c1dd323ee418eb8dbfa9eb35c7ec9ac58a66 (patch)
tree: b3ab3629579ac4db3441c60cb48cc0c652dd73e7 /lib
parent: c8b2def2be44771ffb479ad989acc7eccf4012f8 (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 7bc745bf97e..1f71906bc8e 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -80,10 +80,15 @@ module Grack
       # information is stored in the Rails cache (Redis) and will be used by
       # the Rack::Attack middleware to decide whether to block requests from
       # this IP.
-      Rack::Attack::Allow2Ban.filter(@request.ip, Gitlab.config.rack_attack.git_basic_auth) do
-        # Return true, so that Allow2Ban increments the counter (stored in
-        # Rails.cache) for the IP
-        true
+      config = Gitlab.config.rack_attack.git_basic_auth
+      Rack::Attack::Allow2Ban.filter(@request.ip, config) do
+        # Unless the IP is whitelisted, return true so that Allow2Ban
+        # increments the counter (stored in Rails.cache) for the IP
+        if config.ip_whitelist.include?(@request.ip)
+          false
+        else
+          true
+        end
       end
 
       nil # No user was found
author	Jacob Vosmaer <contact@jacobvosmaer.nl>	2015-01-06 18:56:56 +0300
committer	Jacob Vosmaer <contact@jacobvosmaer.nl>	2015-01-06 18:56:56 +0300
commit	af56c1dd323ee418eb8dbfa9eb35c7ec9ac58a66 (patch)
tree	b3ab3629579ac4db3441c60cb48cc0c652dd73e7 /lib
parent	c8b2def2be44771ffb479ad989acc7eccf4012f8 (diff)