gitlab-org--gitlab-foss/config/initializers/rack_attack_git_basic_auth.rb

rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']

unless Rails.env.test? || !rack_attack_enabled
  # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will
  # update the blacklist from Grack::Auth#authenticate_user.
  Rack::Attack.blacklist('Git HTTP Basic Auth') do |req|
    Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
      # This block only gets run if the IP was not already banned.
      # Return false, meaning that we do not see anything wrong with the
      # request at this time
      false
    end
  end
end
Disable Rack Attack if admin disables it in config file Grack::Auth already checks this variable. These holdouts were not disabled, leading to confusion when debugging a customer issue. 2016-04-25 20:08:10 -04:00			`rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']`

			`unless Rails.env.test? \|\| !rack_attack_enabled`
Add more comments explaining how we block IPs 2014-12-18 05:08:11 -05:00			`# Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will`
			`# update the blacklist from Grack::Auth#authenticate_user.`
Block Git HTTP Basic Auth after 10 failed attempts 2014-12-15 12:47:26 -05:00			`Rack::Attack.blacklist('Git HTTP Basic Auth') do \|req\|`
			`Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do`
			`# This block only gets run if the IP was not already banned.`
			`# Return false, meaning that we do not see anything wrong with the`
			`# request at this time`
			`false`
			`end`
			`end`
			`end`