Automatically whitelist runners when "IPs per user" setting is set

When setting an "IPs per user" limit in Admin area -> Settings -> Reporting -> Spam and Anti-bot Protection, runners will occasionally get blocked from accessing GitLab, like when accesing images:

Started GET "/jwt/auth?account=gitlab-ci-token&scope=repository%3Aasd%2Ffgh%3Apull&service=container_registry" for 127.0.0.1 at 2019-03-26 07:34:57 -0400
Processing by JwtController#auth as HTML
  Parameters: {"account"=>"gitlab-ci-token", "scope"=>"repository:asd/fgh:pull", "service"=>"container_registry"}
Completed 403 Forbidden in 14ms (ActiveRecord: 2.0ms | Elasticsearch: 0.0ms)

Or when getting traces:

Started GET "/asd/fgh/-/jobs/22762/trace.json?state=[STATE]%3D" for 127.0.0.1 at 2019-03-26 07:34:58 -0400
Processing by Projects::JobsController#trace as JSON
  Parameters: {"state"=>"[STATE]", "namespace_id"=>"asd", "project_id"=>"fgh", "id"=>"22762"}
Completed 403 Forbidden in 3ms (ActiveRecord: 0.5ms | Elasticsearch: 0.0ms)
Started GET "/jwt/auth?account=gitlab-ci-token&scope=repository%3Aasd%2Ffgh%%3Apull&service=container_registry" for 127.0.0.1 at 2019-03-26 07:34:58 -0400
Processing by JwtController#auth as HTML
  Parameters: {"account"=>"gitlab-ci-token", "scope"=>"repository:asd/fgh:pull", "service"=>"container_registry"}
Completed 403 Forbidden in 12ms (ActiveRecord: 2.0ms | Elasticsearch: 0.0ms)
Started PATCH "/api/v4/jobs/22758/trace" for 127.0.0.1 at 2019-03-26 07:34:58 -0400
Started PATCH "/api/v4/jobs/22759/trace" for 127.0.0.1 at 2019-03-26 07:34:58 -0400

There should be a way to automatically detect runners and not block them since GitLab is aware and has access to runner's IPs.

https://gitlab.zendesk.com/agent/tickets/117321

Edited Mar 29, 2019 by Cindy Pallares 🦉