`rack_attack.rb` doesn't honor all config options

Summary

Hard-coded defaults for `limit` and `period` are used in `rack_attack.rb`, even though the settings allow users to specify several related options. Example configuration in Omnibus:

gitlab_rails['rack_attack_git_basic_auth'] = {
  'enabled' => true,
  'ip_whitelist' => ["127.0.0.1"],
  'maxretry' => 10,
  'findtime' => 60,
  'bantime' => 3600
}

Currently, the default retry and period are set in rack_attack.rb:

Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do

Expected behavior

The file should honor the maxretry and bantime, at least. Does the throttle method allow passing the whitelist, too?
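One way to honor those settings rather than the hard-coded numbers, as an added example that is not GitLab's `rack_attack.rb` and does not use the rack-attack gem: the Omnibus hash is merged over defaults and type-checked, and a small in-memory limiter models what the options mean for a failed Git basic-auth attempt. The mapping is an assumption for this example: `maxretry` is the `limit`, `findtime` (seconds) is the `period`, `bantime` is how long an IP stays blocked after exceeding the limit, and `ip_whitelist` entries bypass the throttle entirely. `GitBasicAuthLimiter`, `throttle_options` and the injected `clock` are hypothetical names chosen here.

```ruby
require 'ipaddr'

# Defaults mirror the Omnibus example above; user settings override them.
DEFAULTS = {
  'enabled'      => true,
  'ip_whitelist' => [],
  'maxretry'     => 10,
  'findtime'     => 60,
  'bantime'      => 3600
}.freeze

# Merge the user's hash over the defaults and coerce each value, so a missing
# or string-valued option can never silently fall back to a hard-coded number.
# Assumed mapping: maxretry -> limit, findtime -> period, bantime -> ban length.
def throttle_options(settings)
  s = DEFAULTS.merge(settings || {})
  {
    enabled:   s['enabled'] == true,
    limit:     Integer(s['maxretry']),
    period:    Integer(s['findtime']),
    bantime:   Integer(s['bantime']),
    whitelist: Array(s['ip_whitelist']).map { |cidr| IPAddr.new(cidr) }
  }
end

# Hypothetical in-memory limiter with throttle-plus-ban semantics: count failed
# attempts per IP inside a sliding findtime window, ban the IP for bantime once
# it exceeds maxretry, and never count whitelisted IPs at all.
class GitBasicAuthLimiter
  def initialize(opts, clock: -> { Time.now.to_i })
    @opts = opts
    @clock = clock                              # injectable for deterministic tests
    @attempts = Hash.new { |h, k| h[k] = [] }   # ip => [epoch seconds of failures]
    @banned_until = {}                          # ip => epoch second the ban ends
  end

  def whitelisted?(ip)
    @opts[:whitelist].any? { |net| net.include?(IPAddr.new(ip)) }
  end

  # Record one failed-auth attempt from ip; returns :allow or :banned.
  def record_failure(ip)
    return :allow if !@opts[:enabled] || whitelisted?(ip)

    now = @clock.call
    return :banned if @banned_until[ip].to_i > now

    # Keep only failures still inside the findtime window, then add this one.
    window = @attempts[ip].select { |t| t > now - @opts[:period] }
    window << now
    @attempts[ip] = window

    if window.size > @opts[:limit]
      @banned_until[ip] = now + @opts[:bantime]
      @attempts.delete(ip)
      return :banned
    end
    :allow
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed settings: a low maxretry makes the ban easy to observe.
  opts = throttle_options('maxretry' => 3, 'findtime' => 60,
                          'bantime' => 3600, 'ip_whitelist' => ['127.0.0.1'])
  limiter = GitBasicAuthLimiter.new(opts)
  5.times { |i| puts "attempt #{i + 1} from 10.0.0.5: #{limiter.record_failure('10.0.0.5')}" }
  puts "attempt from 127.0.0.1 (whitelisted): #{limiter.record_failure('127.0.0.1')}"
end
```

The point of the injectable clock is that the `bantime` behaviour (an IP stays blocked after the `findtime` window has already expired) can be checked without sleeping; in a real deployment the same distinction is what separates a throttle, which resets every period, from a ban.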

cc/ @stanhu Since you worked on https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3918

Edited Sep 02, 2020 by 🤖 GitLab Bot 🤖