2026-01-18 13:58:25 +00:00 · 2015-11-25 10:59:51 +01:00 · 2015-11-25 10:59:51 +01:00 · 86196cd522
commit 86196cd522
parent d7a2bef3e1
3 changed files with 21 additions and 5 deletions
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@ -404,19 +404,19 @@ production: &base
  rack_attack:
    git_basic_auth:
      # Rack Attack IP banning enabled
-      # enabled: true
+      enabled: {{RACK_ATTACK_ENABLED}}
      #
      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
-      # ip_whitelist: ["127.0.0.1"]
+      ip_whitelist: [{{RACK_ATTACK_WHITELIST}}]
      #
      # Limit the number of Git HTTP authentication attempts per IP
-      # maxretry: 10
+      maxretry: {{RACK_ATTACK_MAXRETRY}}
      #
      # Reset the auth attempt counter per IP after 60 seconds
-      # findtime: 60
+      findtime: {{RACK_ATTACK_FINDTIME}}
      #
      # Ban an IP for one hour (3600s) after too many auth attempts
-      # bantime: 3600
+      bantime: {{RACK_ATTACK_BANTIME}}

 development:
  <<: *base
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@ -240,3 +240,10 @@ GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}
 ### PIWIK
 PIWIK_URL=${PIWIK_URL:-}
 PIWIK_SITE_ID=${PIWIK_SITE_ID:-}
+
+## RACK ATTACK
+RACK_ATTACK_ENABLED=${RACK_ATTACK_ENABLED:-true}
+RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST:-"127.0.0.1"}
+RACK_ATTACK_MAXRETRY=${RACK_ATTACK_MAXRETRY:-10}
+RACK_ATTACK_FINDTIME=${RACK_ATTACK_FINDTIME:-60}
+RACK_ATTACK_BANTIME=${RACK_ATTACK_BANTIME:-3600}
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@ -584,6 +584,14 @@ gitlab_configure_analytics() {
  gitlab_configure_analytics_piwik
 }

+gitlab_configure_rack_attack() {
+  exec_as_git sid -i 's|{{RACK_ATTACK_ENABLED}}|'"${RACK_ATTACK_ENABLED}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+  exec_as_git sid -i 's|{{RACK_ATTACK_WHITELIST}}|'"${RACK_ATTACK_WHITELIST}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+  exec_as_git sid -i 's|{{RACK_ATTACK_MAXRETRY}}|'"${RACK_ATTACK_MAXRETRY}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+  exec_as_git sid -i 's|{{RACK_ATTACK_FINDTIME}}|'"${RACK_ATTACK_FINDTIME}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+  exec_as_git sid -i 's|{{RACK_ATTACK_BANTIME}}|'"${RACK_ATTACK_BANTIME}}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+}
+
 gitlab_configure_ci() {
  echo "Configuring gitlab::ci..."
  exec_as_git sed -i 's|{{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}|'"${GITLAB_NOTIFY_ON_BROKEN_BUILDS}"'|' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
@ -922,6 +930,7 @@ configure_gitlab() {
  gitlab_configure_ldap
  gitlab_configure_gravatar
  gitlab_configure_analytics
+  gitlab_configure_rack_attack
  gitlab_configure_backups
 }