IP address restrictions help prevent malicious users hiding their activities behind multiple IP addresses.
GitLab maintains a list of the unique IP addresses used by a user to make requests over a specified period. When the
specified limit is reached, any requests made by the user from a new IP address are rejected with a
403 Forbidden error.
IP addresses are cleared from the list when no further requests have been made by the user from the IP address in the specified time period.
- On the left sidebar, select Search or go to.
- Select Admin Area.
- Select Settings > Reporting.
- Expand Spam and Anti-bot Protection.
- Update the IP address restrictions settings:
- Select the Limit sign in from multiple IP addresses checkbox to enable IP address restrictions.
- Enter a number in the IP addresses per user field, greater than or equal to
1. This number specifies the maximum number of unique IP addresses a user can access GitLab from in the specified time period before requests from a new IP address are rejected.
- Enter a number in the IP address expiration time field, greater than or equal to
0. This number specifies the time in seconds an IP address counts towards the limit for a user, taken from the time the last request was made.
- Select Save changes.