Gitlab::Auth::TooManyIps

tom.kinsella · November 19, 2018, 10:10pm

We have a user when running a pipeline there account seems to get blocked/locked.
In the logs we see:

Gitlab::Auth::TooManyIps (User 16 from IP:XXXXXXXX tried logging from too many ips: 4):
      lib/gitlab/auth/unique_ips_limiter.rb:12:in `limit_user_id!'
      lib/gitlab/auth/unique_ips_limiter.rb:18:in `limit_user!'
      config/initializers/warden.rb:3:in `block (2 levels) in <top (required)>'
      lib/gitlab/auth/user_auth_finders.rb:25:in `find_user_from_warden'
      lib/gitlab/auth/request_authenticator.rb:15:in `user'
      config/initializers/rack_attack_global.rb:51:in `authenticated_user_id'
      config/initializers/rack_attack_global.rb:47:in `unauthenticated?'
      config/initializers/rack_attack_global.rb:28:in `block in <class:Attack>'
      lib/gitlab/middleware/read_only/controller.rb:38:in `call'
      lib/gitlab/middleware/read_only.rb:16:in `call'
      lib/gitlab/middleware/basic_health_check.rb:25:in `call'
      lib/gitlab/request_context.rb:18:in `call'
      lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
      lib/gitlab/middleware/release_env.rb:10:in `call'

In /etc/gitlab/gitlab.rb I have set the following value in the hopes of solving the issue:
gitlab_rails[‘rack_attack_git_basic_auth’] = {
‘enabled’ => false,
}

This had no effect. Any other thoughts as to how we can prevent this from happening? The system is internal so access attacks from outside the network are not a concern.

yorch · June 13, 2020, 10:35pm

I’m having the exact same problem. When a pipeline runs, my accounts get’s locked because of too many IPs (logs show 3 in my case). Not sure where those IPs are coming from actually, but it happens religiously every time I run a pipeline that is doing a docker login to my own Gitlab CI Docker Registry.

Any clues?

@tom.kinsella did you ever solve the problem?

Thanks

aidashilei · August 12, 2021, 8:52am

I am facing the same issue today. It looks like gitlab runners IP are also counted in the multiple IP access to account. And disable “rack_attack_git_basic_auth” does not help…

any solutions?

micah-yeager · October 14, 2021, 1:15pm

I had the same issue and was able to resolve it by going to Admin > Settings > Reporting > Spam and Anti-bot Protection, then adjust the following two settings:

IPs per user
IP expiration time

Solution adapted from this issue: Users getting automatically banned after some intensive MR reviews (#22854) · Issues · GitLab.org / GitLab · GitLab