Git Tower storm
Starting around 21:00 UTC this evening I noticed an increasingly large number of queries coming in to the /api/v3/groups
endpoint. Thousands per minute from a large number of IPs. Most of these queries were requesting an invalid page and returning empty sets. It wasn't long after I started blocking these queries that I noticed they're all utilizing the User-Agent Tower/347 CFNetwork/760.5.1 Darwin/15.5.0 (x86_64)
. (Git Tower).
The number of IP addresses swamping our API is too large to individually block. We do have the option of blocking based on User-Agent but first I wanted to contact Git Tower, as this isn't yet impacting service. I've contact the Git Tower customer support and we're working on finding a more immediate method to contact them and to notify GitLab users using this git
client that they may be temporarily blocked from GitLab.