Git abuse rate limit (administration)
- Introduced in GitLab 15.2 with a flag named git_abuse_rate_limit_feature_flag. Disabled by default.
- Generally available in GitLab 15.11. Feature flag git_abuse_rate_limit_feature_flag removed.
This is the administration documentation. For information about Git abuse rate limiting for a group, see the group documentation.
Git abuse rate limiting is a feature to automatically ban users who download, clone, or fork more than a specified number of repositories in any project in the instance in a given time frame. Banned users cannot sign in to the instance and cannot access any non-public group via HTTP or SSH. The rate limit also applies to users who authenticate with a personal or group access token.
Git abuse rate limiting does not apply to instance administrators, deploy tokens, or deploy keys.
How GitLab determines a user’s rate limit is under development.
GitLab team members can view more information in this confidential epic: https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/14.
Configure Git abuse rate limiting
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Reporting.
- Expand Git abuse rate limit.
- Update the Git abuse rate limit settings:
  - Enter a number in the Number of repositories field, greater than or equal to 0 and less than or equal to 10,000. This number specifies the maximum amount of unique repositories a user can download in the specified time period before they’re banned. When set to 0, Git abuse rate limiting is disabled.
  - Enter a number in the Reporting time period (seconds) field, greater than or equal to 0 and less than or equal to 86,400 (10 days). This number specifies the time in seconds a user can download the maximum amount of repositories before they’re banned. When set to 0, Git abuse rate limiting is disabled.
  - Optional. Exclude up to 100 users by adding them to the Excluded users field. Excluded users are not automatically banned.
  - Add up to 100 users to the Send notifications to field. You must select at least one user. All application administrators are selected by default.
  - Optional. Turn on the Automatically ban users from this namespace when they exceed the specified limits toggle to enable automatic banning.
- Select Save changes.
Automatic ban notifications
If automatic banning is disabled, a user is not banned automatically when they exceed the limit. However, notifications are still sent to the users listed under Send notifications to. You can use this setup to determine the correct values of the rate limit settings before enabling automatic banning.
If automatic banning is enabled, an email notification is sent when a user is about to be banned, and the user is automatically banned from the GitLab instance.
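To choose starting values before turning on automatic banning, you can replay past download activity against candidate settings. The following is an added example, not GitLab code: it assumes a sliding window over unique repositories per user (this page does not document how GitLab computes the limit), and the function name, event tuple format, and sample data are constructed for illustration.

```python
from collections import defaultdict, deque


def users_over_limit(events, max_repos, period_seconds, excluded=()):
    """Return {user: timestamp at which the user first exceeded the limit}.

    events: iterable of (timestamp_seconds, username, repository) tuples.
    Assumption: a user exceeds the limit by downloading more than max_repos
    unique repositories within any period_seconds-long sliding window.
    """
    # As in the settings above, 0 in either field disables rate limiting.
    if max_repos == 0 or period_seconds == 0:
        return {}
    windows = defaultdict(deque)  # user -> recent (timestamp, repo) downloads
    flagged = {}
    for ts, user, repo in sorted(events):
        # Excluded users are never flagged; flagged users are reported once.
        if user in excluded or user in flagged:
            continue
        window = windows[user]
        window.append((ts, repo))
        # Drop downloads that have aged out of the reporting time period.
        while window[0][0] <= ts - period_seconds:
            window.popleft()
        # Repeat downloads of the same repository count only once.
        if len({r for _, r in window}) > max_repos:
            flagged[user] = ts
    return flagged


# Constructed sample data: (seconds, user, repository).
SAMPLE_EVENTS = [
    (0, "dev1", "grp/a"), (30, "dev1", "grp/a"), (60, "dev1", "grp/b"),
    (10, "dev2", "grp/a"), (20, "dev2", "grp/b"),
    (30, "dev2", "grp/c"), (40, "dev2", "grp/d"),
    (0, "dev3", "grp/a"), (200, "dev3", "grp/b"),
    (400, "dev3", "grp/c"), (600, "dev3", "grp/d"),
    (5, "ci-bot", "grp/a"), (6, "ci-bot", "grp/b"), (7, "ci-bot", "grp/c"),
    (8, "ci-bot", "grp/d"), (9, "ci-bot", "grp/e"),
]

if __name__ == "__main__":
    # Compare a short and a long reporting period with the same repository limit.
    for period in (300, 86400):
        hits = users_over_limit(SAMPLE_EVENTS, 3, period, excluded={"ci-bot"})
        print(f"limit=3 period={period}s -> {hits}")
```

Running it with several candidate values shows which accounts each setting would catch and which legitimate automation needs to go in the Excluded users field.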
Unban a user
- On the left sidebar, at the bottom, select Admin.
- Select Overview > Users.
- Select the Banned tab and search for the account you want to unban.
- From the User administration dropdown list, select Unban user.
- On the confirmation dialog, select Unban user.