Default message when git rate limited by failed auth attempts
What does this MR do and why?
Displays a static error message when requests are rate-limited due to too many failed git authentication attempts.
Extracts error class into its own file, since it now has more than just a class name to it.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|

(These screenshots were made by running the same failing `git fetch` using an invalid token, but switching from my branch to master in another tab.)
How to set up and validate locally
- Ensure you have Rack Attack enabled locally in `gitlab.yml`:

  ```yaml
  rack_attack:
    git_basic_auth:
      enabled: true
      maxretry: 10
      findtime: 60
      bantime: 3600
      ip_whitelist: ["838.98.1.0"] # make sure the default 127.0.0.1 doesn't apply
  ```

- Clone a private project from your local install using the `https://` method.
- Add a new origin using the `https` URL, but specifying an invalid HTTP basic username & password:

  ```
  git remote add pw https://admin:wrongpassword@YOUR_HOST:3443/group-slug/project-slug.git
  ```

- Repeatedly fetch until you get banned:

  ```
  for ((i = 0; i < 100; i++)); do git fetch pw; done
  ```

- Try to fetch from the (valid) origin remote:

  ```
  git fetch origin
  ```

- You should see the message:

  ```
  remote: Too many failed authentication attempts from this IP
  ```
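To make the `maxretry` / `findtime` / `bantime` / `ip_whitelist` semantics behind the steps above concrete, here is a small simulator of the ban rule and of the static message a banned IP then receives on every request, valid credentials or not. This is an added example, not GitLab's or Rack Attack's own code; the class name, method names and the sample IPs are assumptions for illustration.

```ruby
require 'ipaddr'

# Simulates Rack Attack's git_basic_auth ban rule with the gitlab.yml keys
# used in the validation steps. Hypothetical class, not GitLab's code.
class GitAuthBanSimulator
  MESSAGE = 'Too many failed authentication attempts from this IP'.freeze

  def initialize(maxretry:, findtime:, bantime:, ip_whitelist: [])
    @maxretry = maxretry
    @findtime = findtime
    @bantime = bantime
    @whitelist = ip_whitelist.map { |cidr| IPAddr.new(cidr) }
    @failures = Hash.new { |h, k| h[k] = [] } # ip => failure timestamps
    @bans = {}                                # ip => ban expiry (seconds)
  end

  # Whitelisted IPs are never counted and never banned.
  def whitelisted?(ip)
    addr = IPAddr.new(ip)
    @whitelist.any? { |net| net.include?(addr) }
  end

  # Record one failed basic-auth attempt at time `now` (seconds).
  # Only failures inside the sliding `findtime` window count; when they
  # reach `maxretry` the IP is banned for `bantime`. Returns true on ban.
  def record_failure(ip, now)
    return false if whitelisted?(ip)
    window = @failures[ip].select { |t| now - t < @findtime }
    window << now
    @failures[ip] = window
    return false if window.size < @maxretry
    @bans[ip] = now + @bantime
    true
  end

  # nil when the request may proceed; otherwise the static message the
  # client sees, regardless of whether this request's credentials are valid.
  def check(ip, now)
    return nil if whitelisted?(ip)
    expiry = @bans[ip]
    return nil unless expiry && now < expiry
    "remote: #{MESSAGE}"
  end
end
```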
Related to #22787 (closed)
Edited by Andrew Evans