Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting
From comment https://gitlab.com/gitlab-org/gitlab-ce/issues/49345#note_88875015:
> Maybe the solution is to exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting. It should pretty much solve this problem, IF THIS IS THE PROBLEM :)
>
> Brute forcing for `gitlab-ci-token` does not make sense, as we generate short living OTP with `Devise.friendly_token`, so good luck with that, especially that this is random project, not a specific user/project.

If you look at the requests in the code block in https://gitlab.com/gitlab-com/support-forum/issues/3558#note_81787318, they are almost all `/jwt/auth?account=gitlab-ci-token`. So it is the problem for at least that user!

Marked as a bug because it is a normal operation for `docker push` to do unauthed requests to `/jwt/auth`, and using CI on private runners to push can result in getting a 1 hour IP ban and a complete inability to use GitLab.com. See https://gitlab.com/gitlab-org/gitlab-ce/issues/49345#note_88811307

cc @ayufan
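
The failure mode and the proposed exemption, replayed over constructed traffic. This is an added example, not GitLab's code: the `Request` struct, the threshold of 10 failures and the function names are assumptions, and only the 1 hour ban and the `/jwt/auth?account=gitlab-ci-token` request come from the issue. It also assumes the exemption should key on the credential username rather than the caller-controlled `account` parameter alone.

```ruby
require 'uri'

MAX_FAILURES = 10    # assumed threshold; the issue does not state one
BAN_SECONDS  = 3600  # the 1 hour IP ban described in the issue

# login is the Basic auth username, nil when no Authorization header was sent.
Request = Struct.new(:time, :ip, :target, :login, :status)

# Exempt only the CI token exchange: /jwt/auth where the credential username
# is gitlab-ci-token, or where no credentials were sent and the account hint
# names gitlab-ci-token. The query parameter alone is caller-controlled, so a
# request guessing another user's password is never exempt.
def ci_token_exchange?(req)
  uri = URI.parse(req.target)
  return false unless uri.path == '/jwt/auth'
  return req.login == 'gitlab-ci-token' if req.login

  accounts = URI.decode_www_form(uri.query.to_s).select { |k, _| k == 'account' }.map(&:last)
  accounts == ['gitlab-ci-token']
end

# Replays requests through a failed-auth counter and returns { ip => ban expiry }.
def banned_ips(requests, exempt_ci_token:)
  failures = Hash.new(0)
  bans = {}
  requests.sort_by(&:time).each do |req|
    next if bans[req.ip] && req.time < bans[req.ip] # already banned, not counted
    next unless req.status == 401
    next if exempt_ci_token && ci_token_exchange?(req)

    failures[req.ip] += 1
    next if failures[req.ip] < MAX_FAILURES

    bans[req.ip] = req.time + BAN_SECONDS
    failures.delete(req.ip) # start a fresh count once the ban expires
  end
  bans
end

# Constructed traffic: a private runner doing many pushes, and a client that
# sets account=gitlab-ci-token while sending credentials for another user.
def sample_requests
  ci = '/jwt/auth?account=gitlab-ci-token'
  runner  = (0...12).map { |t| Request.new(t, '198.51.100.7', ci, nil, 401) }
  guesser = (0...12).map { |t| Request.new(t, '203.0.113.9', ci, 'alice', 401) }
  runner + guesser
end
```

With the exemption off, both addresses are banned; with it on, only the client sending another user's credentials is.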