Fix unique IP rate limiter (!24744) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-fix-unique-ips-limiter into master Feb 09, 2020

The unique IP rate limiter stopped working when Rack Attack settings were enabled the initializer because the TooManyIps exception would be raised inside the Rack Attack middleware, which would result in a 500 error.

To fix this, we use a custom middleware to lookup the user before the Rack Attack middleware gets a chance to run and explicitly call the limiter there. If the TooManyIps exception is raised then, we return a 429 error and log a message.

Closes #198939 (closed)

Edited Jul 21, 2020 by 🤖 GitLab Bot 🤖

Fix unique IP rate limiter

Merge request reports