author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-27 09:05:56 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-27 09:05:56 +0000 |
commit | cc5d0271c249636bae1de55de9c2bf815d669afa (patch) | |
tree | 01b5b05c2376fca5a854459460a317c5fef96889 /config | |
parent | 529bc7e23ba25fb310c73a3d47759bfdd8b97a0a (diff) | |
download | gitlab-ce-cc5d0271c249636bae1de55de9c2bf815d669afa.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/rack_attack_git_basic_auth.rb | 20 | ||||
-rw-r--r-- | config/initializers/rack_attack_logging.rb | 6 |
2 files changed, 13 insertions, 13 deletions
diff --git a/config/initializers/rack_attack_git_basic_auth.rb b/config/initializers/rack_attack_git_basic_auth.rb
index 6a721826170..219920b2b19 100644
--- a/config/initializers/rack_attack_git_basic_auth.rb
+++ b/config/initializers/rack_attack_git_basic_auth.rb
@@ -1,14 +1,12 @@
-rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
+# Tell the Rack::Attack Rack middleware to maintain an IP blacklist.
+# We update the blacklist in Gitlab::Auth::IpRateLimiter.
+Rack::Attack.blocklist('Git HTTP Basic Auth') do |req|
+ next false unless Gitlab.config.rack_attack.git_basic_auth.enabled
 
-unless Rails.env.test? || !rack_attack_enabled
- # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will
- # update the blacklist from Grack::Auth#authenticate_user.
- Rack::Attack.blacklist('Git HTTP Basic Auth') do |req|
- Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
- # This block only gets run if the IP was not already banned.
- # Return false, meaning that we do not see anything wrong with the
- # request at this time
- false
- end
+ Rack::Attack::Allow2Ban.filter(req.ip, Gitlab.config.rack_attack.git_basic_auth) do
+ # This block only gets run if the IP was not already banned.
+ # Return false, meaning that we do not see anything wrong with the
+ # request at this time
+ false
 end
 end
diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb
index be7c2175cb2..a95cb09755b 100644
--- a/config/initializers/rack_attack_logging.rb
+++ b/config/initializers/rack_attack_logging.rb
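Review bot: In config/initializers/rack_attack_git_basic_auth.rb the ban is keyed on `req.ip`, and nothing in the hunk says which address that is when the instance sits behind a reverse proxy or load balancer. If the trusted-proxy configuration (not visible here) is incomplete, all clients would presumably share the proxy's address, so one client's failed Git logins could ban everyone behind it. The new guard also fails open: when `git_basic_auth.enabled` is falsy the block returns false before `Allow2Ban.filter` is consulted, so a ban that was already recorded is not enforced. I would record both next to the blocklist, e.g. `# Enforces bans for req.ip only; must be the same address Gitlab::Auth::IpRateLimiter counts failures under.` and `# When the setting is disabled the request is allowed and existing bans are ignored.`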
@@ -2,8 +2,10 @@
 #
 # Adds logging for all Rack Attack blocks and throttling events.
 
-ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
- if [:throttle, :blacklist].include? req.env['rack.attack.match_type']
+ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, request_id, payload|
+ req = payload[:request]
+
+ if [:throttle, :blocklist].include? req.env['rack.attack.match_type']
 rack_attack_info = {
 message: 'Rack_Attack',
 env: req.env['rack.attack.match_type'], |
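Review bot: The pattern `/rack_attack/` in config/initializers/rack_attack_logging.rb is unanchored and `payload[:request]` is used without a nil check, so a notification whose name merely contains that string and whose payload has no `:request` key would raise on `req.env` inside the subscriber. Assuming the events are named `<type>.rack_attack`, anchoring the pattern and guarding the lookup keeps the logging path for blocks and throttles from failing on an unrelated event: `ActiveSupport::Notifications.subscribe(/\.rack_attack\z/)` and `next unless req`. The subscriber block continues past the end of the hunk, so the remaining fields of `rack_attack_info` cannot be checked from here.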