Issue with Group IP restriction bypass
Problem to solve
https://docs.gitlab.com/ee/user/group/index.html#ip-access-restriction says IP restrictions apply to UI, API, and SSH.
However, it also says:
To avoid accidental lock-out, admins and group owners are able to access the group regardless of the IP restriction.
Further details
Our testing shows that with IP restriction turned on:
- UI: A user with Owner permissions can still access the top-level group along with any subgroup within, but cannot access projects.
- API: A user with Owner permissions can still access the related API endpoints.
- SSH: A user with Owner permissions cannot access any projects via SSH to perform Git operations.
- Pages: With Access Control enabled, IP addresses can be rejected and Pages can be inaccessible.
The root cause is that the source IP is not passed correctly: gitlab-com/gl-infra/infrastructure#10954
Proposal
Address root cause by implementing &5219
Who can address the issue
Source Code team
Other links/references
Original question came from customer (internal): https://gitlab.zendesk.com/agent/tickets/177588
Update
Looks like this may be a bug specific to GitLab.com due to gitlab-com/gl-infra/infrastructure#10954
Follow-up
- Once this issue is fixed, update (and quite possibly revert) this doc change: !50801 (merged)