Prevent access to users' data via simple URL edition


We made all projects private in our GitLab installation. But I discovered that it is possible to see a set of meaningful data about a user just by appending his login name to the URL of the GitLab installation. No need to log in: it is visible to the whole world. For instance, if our GitLab URL is, it is enough to go to to be presented with information about the user userloginname.

How to prevent this?



Go to Admin → Settings → General → Visibility and access controls

Then set it like below for this particular option:

It works: thanks!