Rate limits on Git HTTP

Tier: Free, Premium, Ultimate Offering: Self-managed, GitLab Dedicated

If you use Git HTTP in your repository, common Git operations can generate many Git HTTP requests. Some of these Git HTTP requests do not contain authentication parameter and are considered unauthenticated. You can enforce rate limits on Git HTTP requests. This can improve the security and durability of your web application. General user and IP rate limits aren’t applied to Git HTTP requests.

Configure Git HTTP rate limits

Git HTTP rate limits are disabled by default. If enabled and configured, these limits are applied to Git HTTP requests.

To configure Git HTTP rate limits:

  1. On the left sidebar, at the bottom, select Admin Area.
  2. Select Settings > Network.
  3. Expand Git HTTP rate limits.
  4. Select Enable unauthenticated Git HTTP request rate limit.
  5. Enter a value for Max unauthenticated Git HTTP requests per period per user.
  6. Enter a value for Unauthenticated Git HTTP rate limit period in seconds.
  7. Select Save changes.