Skip to content
Snippets Groups Projects
Commit ee2313f6 authored by Douwe Maan's avatar Douwe Maan
Browse files

Merge branch 'fj-42910-unauthenticated-limit-via-ssh' into 'master'

Remove internal api calls from the rack::attack throttling

Closes #42910

See merge request gitlab-org/gitlab-ce!17149
parents e5df66e1 5ddd576c
No related branches found
No related tags found
No related merge requests found
---
title: Fixed bug with unauthenticated requests through git ssh
merge_request: 17149
author:
type: fixed
Loading
Loading
@@ -26,6 +26,7 @@ class Rack::Attack
throttle('throttle_unauthenticated', Gitlab::Throttle.unauthenticated_options) do |req|
Gitlab::Throttle.settings.throttle_unauthenticated_enabled &&
req.unauthenticated? &&
!req.api_internal_request? &&
req.ip
end
 
Loading
Loading
@@ -54,6 +55,10 @@ class Rack::Attack
path.start_with?('/api')
end
 
def api_internal_request?
path =~ %r{^/api/v\d+/internal/}
end
def web_request?
!api_request?
end
Loading
Loading
Loading
Loading
@@ -22,6 +22,7 @@ describe 'Rack Attack global throttles' do
 
let(:url_that_does_not_require_authentication) { '/users/sign_in' }
let(:url_that_requires_authentication) { '/dashboard/snippets' }
let(:url_api_internal) { '/api/v4/internal/check' }
let(:api_partial_url) { '/todos' }
 
around do |example|
Loading
Loading
@@ -172,6 +173,15 @@ describe 'Rack Attack global throttles' do
get url_that_does_not_require_authentication
expect(response).to have_http_status 200
end
context 'when the request is to the api internal endpoints' do
it 'allows requests over the rate limit' do
(1 + requests_per_period).times do
get url_api_internal, secret_token: Gitlab::Shell.secret_token
expect(response).to have_http_status 200
end
end
end
end
 
context 'when the throttle is disabled' do
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment