diff options
author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-01-06 18:56:56 +0300 |
---|---|---|
committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-01-06 18:56:56 +0300 |
commit | af56c1dd323ee418eb8dbfa9eb35c7ec9ac58a66 (patch) | |
tree | b3ab3629579ac4db3441c60cb48cc0c652dd73e7 /lib | |
parent | c8b2def2be44771ffb479ad989acc7eccf4012f8 (diff) |
White-list requests from 127.0.0.1
On some misconfigured GitLab servers, if you look in production.log it looks
like all requests come from 127.0.0.1. To avoid unwanted banning we
white-list 127.0.0.1 with this commit.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/backend/grack_auth.rb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index 7bc745bf97e..1f71906bc8e 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -80,10 +80,15 @@ module Grack # information is stored in the Rails cache (Redis) and will be used by # the Rack::Attack middleware to decide whether to block requests from # this IP. - Rack::Attack::Allow2Ban.filter(@request.ip, Gitlab.config.rack_attack.git_basic_auth) do - # Return true, so that Allow2Ban increments the counter (stored in - # Rails.cache) for the IP - true + config = Gitlab.config.rack_attack.git_basic_auth + Rack::Attack::Allow2Ban.filter(@request.ip, config) do + # Unless the IP is whitelisted, return true so that Allow2Ban + # increments the counter (stored in Rails.cache) for the IP + if config.ip_whitelist.include?(@request.ip) + false + else + true + end end nil # No user was found |