diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/rack_attack_git_basic_auth.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config/initializers/rack_attack_git_basic_auth.rb b/config/initializers/rack_attack_git_basic_auth.rb index 219920b2b19..71e5e2969ce 100644 --- a/config/initializers/rack_attack_git_basic_auth.rb +++ b/config/initializers/rack_attack_git_basic_auth.rb @@ -1,7 +1,9 @@ # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. # We update the blacklist in Gitlab::Auth::IpRateLimiter. Rack::Attack.blocklist('Git HTTP Basic Auth') do |req| - next false unless Gitlab.config.rack_attack.git_basic_auth.enabled + rate_limiter = Gitlab::Auth::IpRateLimiter.new(req.ip) + + next false if !rate_limiter.enabled? || rate_limiter.trusted_ip? Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do # This block only gets run if the IP was not already banned. |