Users getting automatically banned after some intensive MR reviews

Summary

The most active GNOME contributors are getting banned after a certain number of requests to GNOME's GitLab instance. Rack Attack shows no activity at all for their IPs, and no Rack_Attack string is found in production.log.

Steps to reproduce

  1. Start reviewing and approving a set of MRs
  2. After the MRs have been merged into master, a set of CI jobs starts
  3. A ban occurs against the user who reviewed the MRs and thereby started the CI jobs

Involved configuration files

gitlab_rails['rack_attack_git_basic_auth'] = {
   'enabled' => true,
   'ip_whitelist' => ["127.0.0.1", "load-balancer-ip-1", "load-balancer-ip-2"],
   'maxretry' => 10,
   'findtime' => 60,
   'bantime' => 3600
}

gitlab_rails['rack_attack_protected_paths'] = [
   '/users/password',
   '/users/sign_in',
   '/api/#{API::API.version}/session.json',
   '/api/#{API::API.version}/session',
   '/users',
   '/users/confirmation',
   '/unsubscribes/',
   '/import/github/personal_access_token'
]

Command output excerpt

[root@gitlab gitlab-rails]# grep "Rack_Attack" /var/log/gitlab/gitlab-rails/production.log
[root@gitlab gitlab-rails]# 

[root@gitlab ~]# /opt/gitlab/embedded/bin/redis-cli -s /var/opt/gitlab/redis/redis.socket
redis /var/opt/gitlab/redis/redis.socket> keys *attack*
(empty list or set)
(0.52s)

Still, the user keeps receiving a series of 403s:

./gitlab-workhorse/current:2018-06-19_11:28:01.57536 gitlab.gnome.org X.X.X.X:50756 - - [2018/06/19:11:28:01 +0000] "GET /GNOME/glib/merge_requests/104.json?serializer=widget HTTP/1.1" 403 0 "https://gitlab.gnome.org/GNOME/glib/merge_requests/104/diffs" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.035

./gitlab-workhorse/current:2018-06-19_11:28:21.31411 gitlab.gnome.org X.X.X.X:51398 - - [2018/06/19:11:28:21 +0000] "GET / HTTP/1.1" 403 0 "" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.022

./gitlab-workhorse/current:2018-06-19_11:28:24.76890 gitlab.gnome.org X.X.X.X:51516 - - [2018/06/19:11:28:24 +0000] "GET /GNOME/glib/merge_requests/117/ci_environments_status HTTP/1.1" 403 0 "https://gitlab.gnome.org/GNOME/glib/merge_requests/117" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.041

Does GitLab make use of any rate limiting tool other than Rack Attack? If Rack Attack is the tool performing the ban, why aren't the paths listed in rack_attack_protected_paths honored (/GNOME/glib* was mainly targeted with GET/POST requests, and those seem to be what effectively caused the ban)?
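As an added triage example (not GitLab's code and not part of the original report), the script below parses gitlab-workhorse access lines in the format quoted above and checks them against the rack_attack_protected_paths list and the maxretry/findtime values from the configuration excerpt. It assumes that API::API.version expands to v4 and that protected paths are matched as prefixes; the three 403 lines are the ones quoted in the report, while the 200 line and the two 203.0.113.7 lines (an RFC 5737 test address) are constructed.

```python
"""Triage helper for the "banned, but Rack Attack shows nothing" case.

Added example, not GitLab code. For each client IP it reports how many requests
were denied (403), how many of those hit a configured protected path, and the
peak number of protected-path requests inside any findtime window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values taken from the gitlab.rb excerpt in the report.
MAXRETRY = 10
FINDTIME = 60  # seconds
PROTECTED_PATHS = [
    '/users/password', '/users/sign_in',
    '/api/v4/session.json', '/api/v4/session',  # assumption: API::API.version expands to "v4"
    '/users', '/users/confirmation', '/unsubscribes/',
    '/import/github/personal_access_token',
]

# Shape of one workhorse access line as grep prints it:
#   <file>:<svlogd stamp> <host> <ip>:<port> - - [<time>] "<METHOD> <target> <proto>" <status> ...
LINE_RE = re.compile(
    r'^(?:\S+?:)?\d{4}-\d\d-\d\d_[\d:.]+\s+(?P<host>\S+)\s+(?P<ip>[^:\s]+):\d+\s+\S+\s+\S+\s+'
    r'\[(?P<time>[^\]]+)\]\s+"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+[^"]*"\s+(?P<status>\d{3})\b'
)


def parse_line(line):
    """Return a dict for one access line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        'ip': m['ip'],
        'time': datetime.strptime(m['time'], '%Y/%m/%d:%H:%M:%S %z'),
        'method': m['method'],
        'path': m['target'].split('?', 1)[0],  # drop the query string before path matching
        'status': int(m['status']),
    }


def is_protected(path, protected=PROTECTED_PATHS):
    # Assumption: the configured entries are treated as path prefixes.
    return any(path.startswith(p) for p in protected)


def peak_in_window(times, findtime=FINDTIME):
    """Largest number of timestamps that fall inside any findtime-second window."""
    times = sorted(times)
    window = timedelta(seconds=findtime)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:  # slide the left edge of the window forward
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(lines):
    """Per-IP summary: denials, denials on protected paths, and protected-path peak rate."""
    by_ip = defaultdict(list)
    for entry in filter(None, map(parse_line, lines)):
        by_ip[entry['ip']].append(entry)
    report = {}
    for ip, reqs in by_ip.items():
        denied = [e for e in reqs if e['status'] == 403]
        peak = peak_in_window([e['time'] for e in reqs if is_protected(e['path'])])
        report[ip] = {
            'requests': len(reqs),
            'denied': len(denied),
            'denied_on_protected_path': sum(is_protected(e['path']) for e in denied),
            'peak_protected_per_findtime': peak,
            'protected_throttle_could_fire': peak >= MAXRETRY,
        }
    return report


SAMPLE_LOG = [
    # constructed: a successful page load shortly before the denials
    './gitlab-workhorse/current:2018-06-19_11:27:55.00000 gitlab.gnome.org X.X.X.X:50700 - - [2018/06/19:11:27:55 +0000] "GET /GNOME/glib/merge_requests/104/diffs HTTP/1.1" 200 0 "" "Mozilla/5.0" 0.120',
    # the three denied requests quoted in the report
    './gitlab-workhorse/current:2018-06-19_11:28:01.57536 gitlab.gnome.org X.X.X.X:50756 - - [2018/06/19:11:28:01 +0000] "GET /GNOME/glib/merge_requests/104.json?serializer=widget HTTP/1.1" 403 0 "https://gitlab.gnome.org/GNOME/glib/merge_requests/104/diffs" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.035',
    './gitlab-workhorse/current:2018-06-19_11:28:21.31411 gitlab.gnome.org X.X.X.X:51398 - - [2018/06/19:11:28:21 +0000] "GET / HTTP/1.1" 403 0 "" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.022',
    './gitlab-workhorse/current:2018-06-19_11:28:24.76890 gitlab.gnome.org X.X.X.X:51516 - - [2018/06/19:11:28:24 +0000] "GET /GNOME/glib/merge_requests/117/ci_environments_status HTTP/1.1" 403 0 "https://gitlab.gnome.org/GNOME/glib/merge_requests/117" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" 0.041',
    # constructed: a second client (RFC 5737 test address) hitting a protected path, 70 s apart
    './gitlab-workhorse/current:2018-06-19_11:26:30.00000 gitlab.gnome.org 203.0.113.7:40000 - - [2018/06/19:11:26:30 +0000] "POST /users/sign_in HTTP/1.1" 401 0 "" "curl/7.59.0" 0.010',
    './gitlab-workhorse/current:2018-06-19_11:27:40.00000 gitlab.gnome.org 203.0.113.7:40001 - - [2018/06/19:11:27:40 +0000] "POST /users/sign_in HTTP/1.1" 403 0 "" "curl/7.59.0" 0.010',
]

if __name__ == '__main__':
    for ip, row in triage(SAMPLE_LOG).items():
        print(ip, row)
```

Run against a real file with `triage(open('/var/log/gitlab/gitlab-workhorse/current').readlines())`. When every denied path falls outside the protected list and the per-findtime peak on protected paths never reaches maxretry, the protected-paths throttle is ruled out as the source of the 403s, which narrows the search to something in front of Rails or to a store other than the Redis instance queried above (Rack::Attack keeps its counters in Rails.cache, wherever that is configured).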