gitlab-org--gitlab-foss/config/initializers/rack_attack_git_basic_auth.rb

# Tell the Rack::Attack Rack middleware to maintain an IP blacklist.
# We update the blacklist in Gitlab::Auth::IpRateLimiter.
Rack::Attack.blocklist('Git HTTP Basic Auth') do |req|
  rate_limiter = Gitlab::Auth::IpRateLimiter.new(req.ip)

  next false if !rate_limiter.enabled? || rate_limiter.trusted_ip?

  Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
    # This block only gets run if the IP was not already banned.
    # Return false, meaning that we do not see anything wrong with the
    # request at this time
    false
  end
end
Add latest changes from gitlab-org/gitlab@master 2019-10-27 05:05:56 -04:00			`# Tell the Rack::Attack Rack middleware to maintain an IP blacklist.`
			`# We update the blacklist in Gitlab::Auth::IpRateLimiter.`
			`Rack::Attack.blocklist('Git HTTP Basic Auth') do \|req\|`
Add latest changes from gitlab-org/gitlab@master 2019-11-07 22:06:48 -05:00			`rate_limiter = Gitlab::Auth::IpRateLimiter.new(req.ip)`

			`next false if !rate_limiter.enabled? \|\| rate_limiter.trusted_ip?`
Disable Rack Attack if admin disables it in config file Grack::Auth already checks this variable. These holdouts were not disabled, leading to confusion when debugging a customer issue. 2016-04-25 20:08:10 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-10-27 05:05:56 -04:00			`Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do`
			`# This block only gets run if the IP was not already banned.`
			`# Return false, meaning that we do not see anything wrong with the`
			`# request at this time`
			`false`
Block Git HTTP Basic Auth after 10 failed attempts 2014-12-15 12:47:26 -05:00			`end`
			`end`