Rate limits on Git HTTP

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated
History

If you use Git HTTP in your repository, common Git operations can generate many Git HTTP requests. GitLab can enforce rate limits on both authenticated and unauthenticated Git HTTP requests to improve the security and durability of your web application.

General user and IP rate limits aren’t applied to Git HTTP requests.

Configure unauthenticated Git HTTP rate limits

GitLab disables rate limits on unauthenticated Git HTTP requests by default.

To apply rate limits to Git HTTP requests that do not contain authentication parameters, enable and configure these limits:

  1. On the left sidebar, at the bottom, select Admin.
  2. Select Settings > Network.
  3. Expand Git HTTP rate limits.
  4. Select Enable unauthenticated Git HTTP request rate limit.
  5. Enter a value for Max unauthenticated Git HTTP requests per period per user.
  6. Enter a value for Unauthenticated Git HTTP rate limit period in seconds.
  7. Select Save changes.

Configure authenticated Git HTTP rate limits

History

The availability of this feature is controlled by a feature flag. For more information, see the history.

GitLab disables rate limits on authenticated Git HTTP requests by default.

To apply rate limits to Git HTTP requests that contain authentication parameters, enable and configure these limits:

  1. On the left sidebar, at the bottom, select Admin.
  2. Select Settings > Network.
  3. Expand Git HTTP rate limits.
  4. Select Enable authenticated Git HTTP request rate limit.
  5. Enter a value for Max authenticated Git HTTP requests per period per user.
  6. Enter a value for Authenticated Git HTTP rate limit period in seconds.
  7. Select Save changes.