Allow "Admin Area Protected Paths" to be used at the same time as "Git and container registry failed authentication ban" (!21090) · Merge requests · GitLab.org / GitLab

Michael Kozono requested to merge 37093-resolve-protected-path-conflict into master Dec 03, 2019

What does this MR do?

Adds gitlab.yml setting Gitlab.config.rack_attack.admin_area_protected_paths_enabled as first part of #37093 (closed).

omnibus-gitlab!3773 (merged) should be merged afterward in the same release (especially because the docs assume these are both merged).

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
[-] Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

[-] Label as security and @ mention @gitlab-com/gl-security/appsec
[-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
[-] Security reports checked/validated by a reviewer from the AppSec team

Related #37093 (closed)

Edited Dec 04, 2019 by Mayra Cabrera

Allow "Admin Area Protected Paths" to be used at the same time as "Git and container registry failed authentication ban"