ContextQMD
Back to Gitlabhq

Rate limits on Git HTTP

doc/administration/settings/git_http_rate_limits.md

18.11.22.7 KB
Original Source

{{< details >}}

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

{{< history >}}

{{< /history >}}

If you use Git HTTP in your repository, common Git operations can generate many Git HTTP requests. GitLab can enforce rate limits on both authenticated and unauthenticated Git HTTP requests to improve the security and durability of your web application.

[!note] General user and IP rate limits aren't applied to Git HTTP requests.

Prerequisites

You must have administrator access.

Configure unauthenticated Git HTTP rate limits

GitLab disables rate limits on unauthenticated Git HTTP requests by default.

To apply rate limits to Git HTTP requests that do not contain authentication parameters, enable and configure these limits:

  1. In the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Git HTTP rate limits.
  4. Select Enable unauthenticated Git HTTP request rate limit.
  5. Enter a value for Max unauthenticated Git HTTP requests per period per user.
  6. Enter a value for Unauthenticated Git HTTP rate limit period in seconds.
  7. Select Save changes.

Configure authenticated Git HTTP rate limits

{{< history >}}

{{< /history >}}

GitLab disables rate limits on authenticated Git HTTP requests by default.

To apply rate limits to Git HTTP requests that contain authentication parameters, enable and configure these limits:

  1. In the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Git HTTP rate limits.
  4. Select Enable authenticated Git HTTP request rate limit.
  5. Enter a value for Max authenticated Git HTTP requests per period per user.
  6. Enter a value for Authenticated Git HTTP rate limit period in seconds.
  7. Select Save changes.

If required, you can allow specific users to bypass authenticated request rate limiting.