diff --git a/app/helpers/branches_helper.rb b/app/helpers/branches_helper.rb
index c533659b600f8d0a37b30e6374efee32cc14f6cc..601df5c18df14c353313da58554c7f6236d9582b 100644
--- a/app/helpers/branches_helper.rb
+++ b/app/helpers/branches_helper.rb
@@ -12,7 +12,7 @@ module BranchesHelper
 def can_push_branch?(project, branch_name)
 return false unless project.repository.branch_exists?(branch_name)
- ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(branch_name)
+ ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(branch_name)
 end
 def project_branches
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index cb0f871897a346b5dd7a954b3a3ac6ad1d65e0f3..4f7e1d2f302fc31029b2883b0cbdfa971c8aac33 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -481,7 +481,7 @@ class MergeRequest < ActiveRecord::Base
 end
 def can_be_merged_by?(user)
- ::Gitlab::GitAccess.new(user, project).can_push_to_branch?(target_branch)
+ ::Gitlab::GitAccess.new(user, project, 'web').can_push_to_branch?(target_branch)
 end
 def mergeable_ci_state?
diff --git a/app/services/commits/change_service.rb b/app/services/commits/change_service.rb
index 6b69cb53b2c6bad66dc972023c3e12f476b4dd18..c578097376a632d349d73257be0072d40b0dc8bc 100644
--- a/app/services/commits/change_service.rb
+++ b/app/services/commits/change_service.rb
@@ -23,7 +23,7 @@ module Commits
 private
 def check_push_permissions
- allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+ allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
 unless allowed
 raise ValidationError.new('You are not allowed to push into this branch')
diff --git a/app/services/files/base_service.rb b/app/services/files/base_service.rb
index 0326a8823e975c20a7a02825ba1b1da94f27868f..4bdb68a3698ffe4b7fe46dbd1aeb41e80ad12658 100644
--- a/app/services/files/base_service.rb
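Review bot: The value that marks web-UI access is spelled out as the bare string `'web'` at the call in `can_push_branch?`, and the same literal is repeated in the `merge_request.rb`, `commits/change_service.rb` and `files/base_service.rb` hunks. All four sites call `can_push_to_branch?` directly rather than `check`; the body of `can_push_to_branch?` is not in this diff, so it should be confirmed whether the protocol argument is consulted at all on this path. Keeping the value in one place would make these authorization call sites easier to audit, for example a constant `WEB_PROTOCOL = 'web'.freeze` on `Gitlab::GitAccess`, used as `::Gitlab::GitAccess.new(current_user, project, ::Gitlab::GitAccess::WEB_PROTOCOL)`.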
+++ b/app/services/files/base_service.rb
@@ -43,7 +43,7 @@ module Files
 end
 def validate
- allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
+ allowed = ::Gitlab::GitAccess.new(current_user, project, 'web').can_push_to_branch?(@target_branch)
 unless allowed
 raise_error("You are not allowed to push into this branch")
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 5647ac90a16a4a9aebb18f7621195274602e6590..99bf2701f644cec025d0ab2d87d204bf6ce82d8a 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -46,7 +46,7 @@
 .form-group
 %label.control-label.col-sm-2 Enabled Git access protocols
 .col-sm-10
- = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
+ = select(:application_setting, :enabled_git_access_protocols, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
 %span.help-block#clone-protocol-help
 Allow only the selected protocols to be used for Git access.
 .form-group
diff --git a/lib/gitlab/git/hook.rb b/lib/gitlab/git/hook.rb
index 0b61c8bf332d7bd66d3f218b288c720678c656de..125240c8a8bdaf3a6e740b8dab6b2eb5a95869c5 100644
--- a/lib/gitlab/git/hook.rb
+++ b/lib/gitlab/git/hook.rb
@@ -35,7 +35,7 @@ module Gitlab
 vars = {
 'GL_ID' => gl_id,
 'PWD' => repo_path,
- 'PROTOCOL' => 'web'
+ 'GL_PROTOCOL' => 'web'
 }
 options = {
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 7aec650d1a1efe33d87be8fed27dfb024d8de54b..d5f2713e935b608d0e6ffab1bd7abf15b68454ad 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
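Review bot: Renaming the environment key from `PROTOCOL` to `GL_PROTOCOL` in `vars` changes the contract with whatever hook process reads it, and that reader is not part of this diff. Because `check` in `lib/gitlab/git_access.rb` now denies access when no protocol is given, a hook that still reads the old name would presumably end in the "unspecified Git access protocol" denial for web-initiated changes. That failure is closed, which is the safe direction, but the rename has to ship together with the consumer. A comment above the key, such as `# GL_PROTOCOL is read by the Git hooks; keep the name in sync with them`, would record the coupling. The enclosing method starts and ends outside the hunk.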
@@ -5,7 +5,7 @@ module Gitlab
 attr_reader :actor, :project, :protocol
- def initialize(actor, project, protocol = nil)
+ def initialize(actor, project, protocol)
 @actor = actor
 @project = project
 @protocol = protocol
@@ -50,6 +50,8 @@ module Gitlab
 end
 def check(cmd, changes = nil)
+ return build_status_object(false, 'Access denied due to unspecified Git access protocol') unless protocol
+
 return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
 unless actor
@@ -75,8 +77,6 @@ module Gitlab
 end
 def download_access_check
- return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
 if user
 user_download_access_check
 elsif deploy_key
@@ -87,8 +87,6 @@ module Gitlab
 end
 def push_access_check(changes)
- return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
 if user
 user_push_access_check(changes)
 elsif deploy_key
@@ -99,8 +97,6 @@ module Gitlab
 end
 def user_download_access_check
- return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
 unless user.can?(:download_code, project)
 return build_status_object(false, "You are not allowed to download code from this project.")
 end
@@ -109,8 +105,6 @@ module Gitlab
 end
 def user_push_access_check(changes)
- return build_status_object(false, "Git access over #{protocol.upcase} is not allowed") unless protocol_allowed?
-
 if changes.blank?
 return build_status_object(true)
 end
@@ -200,7 +194,7 @@ module Gitlab
 end
 def protocol_allowed?
- protocol ? Gitlab::ProtocolAccess.allowed?(protocol) : true
+ Gitlab::ProtocolAccess.allowed?(protocol)
 end
 def branch_name(ref)
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 9b7986fa12d6dd6d73212bcd786f9d957e953648..7e1922260eade015d08037bffe947ab3a3fce9ba 100644
--- a/spec/lib/gitlab/git_access_spec.rb
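Review bot: After this commit `check` is the only place that enforces the protocol restriction, because the four following hunks remove the `protocol_allowed?` guard from `download_access_check`, `push_access_check`, `user_download_access_check` and `user_push_access_check`. The visibility of those methods is not shown in the diff; if they can be called from outside the class, a caller that skips `check` is no longer subject to the enabled-protocols setting or to the new nil-protocol denial. Either make them private or record the assumption above `check`, e.g. `# Protocol restrictions are enforced here only; reach the *_access_check methods through #check.` The bodies of all five methods continue outside their hunks.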
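Review bot: `protocol_allowed?` now hands every value straight to `Gitlab::ProtocolAccess.allowed?`, which is not in this diff, so the handling of `'web'` and of unrecognised strings rests entirely on that method. It should be confirmed, and covered by a spec, that `'web'` is accepted whatever the enabled-protocols setting is and that an unknown value is rejected rather than allowed. `initialize` accepts any value for the now-required argument, so a short comment on it would help callers, e.g. `# protocol - 'ssh', 'http' or 'web'; nil is rejected by #check`.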
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 describe Gitlab::GitAccess, lib: true do
- let(:access) { Gitlab::GitAccess.new(actor, project) }
+ let(:access) { Gitlab::GitAccess.new(actor, project, 'web') }
 let(:project) { create(:project) }
 let(:user) { create(:user) }
 let(:actor) { user }
diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb
index 77ecfce6f17f01eee7f8fcc938408efaa5ae11fe..4244b807d416a074c11383bcc361502632e7f6ec 100644
--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 describe Gitlab::GitAccessWiki, lib: true do
- let(:access) { Gitlab::GitAccessWiki.new(user, project) }
+ let(:access) { Gitlab::GitAccessWiki.new(user, project, 'web') }
 let(:project) { create(:project) }
 let(:user) { create(:user) }
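Review bot: The new denial path for a missing protocol has no example, since the only spec change is passing `'web'` to `let(:access)`, here and in the `git_access_wiki_spec.rb` hunk. An example should build the access object with `nil` as the protocol and assert that `check` returns a denied status carrying the "unspecified Git access protocol" message. Without it, a later change that restores a permissive default for `protocol` would go unnoticed. The rest of both spec files is outside the hunks, so existing coverage of the per-protocol settings cannot be judged from here.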