White-list requests from 127.0.0.1

On some misconfigured GitLab servers, if you look in production.log it looks
like all requests come from 127.0.0.1. To avoid unwanted banning we
white-list 127.0.0.1 with this commit.

2 files changed, 4 insertions, 0 deletions

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index b474063505f..5d801b9ae5b 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -300,6 +300,9 @@ production: &base
 
   rack_attack:
     git_basic_auth:
+      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
+      # ip_whitelist: ["127.0.0.1"]
+      #
       # Limit the number of Git HTTP authentication attempts per IP
       # maxretry: 10
       #
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 4464d9d0001..c744577d516 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -176,6 +176,7 @@ Settings['extra'] ||= Settingslogic.new({})
 #
 Settings['rack_attack'] ||= Settingslogic.new({})
 Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({})
+Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
 Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
 Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour