author | Stan Hu <stanhu@gmail.com> | 2015-03-15 19:07:23 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-03-24 00:36:46 -0700 |
commit | 56d87db32cffc4c1e7be410da08c3b3e4bd1dcc0 (patch) | |
tree | 4552c72bb4f6d760fae094c57aa4d9fbb07d78fb /config | |
parent | c3c9703437a552700c2a6ca010b05cc56aa6d73a (diff) | |
download | gitlab-ce-56d87db32cffc4c1e7be410da08c3b3e4bd1dcc0.tar.gz |
Reduce Rack Attack false positives by clearing out auth failure count upon
successful Git over HTTP authentication.
Add logging when a ban goes into effect for debugging.
Issue #1171
Diffstat (limited to 'config')
-rw-r--r-- | config/gitlab.yml.example | 3 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index a85db10e019..c4a0fefb7ab 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -285,6 +285,9 @@ production: &base rack_attack: git_basic_auth: + # Rack Attack IP banning enabled + # enabled: true + # # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers # ip_whitelist: ["127.0.0.1"] # diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 70af7a829c4..15c1ae9466f 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -183,6 +183,7 @@ Settings['extra'] ||= Settingslogic.new({}) # Settings['rack_attack'] ||= Settingslogic.new({}) Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({}) +Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil? Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1} Settings.rack_attack.git_basic_auth['maxretry'] ||= 10 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute |
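Review bot: In the config/gitlab.yml.example hunk, the added comment "Rack Attack IP banning enabled" does not state the default or what disabling it does. Because 1_settings.rb sets `enabled` to true when the key is absent, the commented-out `# enabled: true` can be misread as "off unless uncommented". Suggest wording such as "Rack Attack IP banning for failed Git basic auth (default: true); set to false to disable", in line with how the neighbouring `ip_whitelist` comment explains its purpose.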
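Review bot: In the config/initializers/1_settings.rb hunk, the added `enabled` line uses an `if ... nil?` guard while every neighbouring default (`ip_whitelist`, `maxretry`, `findtime`) uses `||=`, and nothing explains the difference. The guard is the right choice, since `||=` would overwrite an explicit `enabled: false` with true and silently turn banning back on. Add a one-line comment above it saying so, so a later cleanup does not "normalise" it to `||=`. A test that loads settings with `enabled: false` and asserts the value stays false would lock this in.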