参考
https://docs.gitlab.com/ee/security/rack_attack.html#remove-blocked-ips-from-rack-attack-via-redis
简言之:
1.获取哪里记录的ip黑名单
grep "Rack_Attack" /var/log/gitlab/gitlab-rails/auth.log
grep "Rack_Attack" /var/log/gitlab/gitlab-rails/production.log
grep unixsocket /var/opt/gitlab/redis/redis.conf三选其一,总会找到gitlab连接的redis所用的socket文件
我是通过grep unixsocket /var/opt/gitlab/redis/redis.conf得到/var/opt/gitlab/redis/redis.socket的
redis.conf路径可以通过sudo find / -name redis.conf查看,应该不会有太多
2.假如上面三个之一得到/var/opt/gitlab/redis/redis.socket,利用redis-cli进行连接
redis-cli -s /var/opt/gitlab/redis/redis.socketredis-cli也可以写全路径/opt/gitlab/embedded/bin/redis-cli
3.连接好redis后找到哪些被列入黑名单
redis /var/opt/gitlab/redis/redis.socket> keys *attack*
"cache:gitlab:rack::attack:allow2ban:ban:106.101.xx.xxx"redis /var/opt/gitlab/redis/redis.socket>只是redis工具的命令提示,不用关心
keys *attack*找到attack相关的key,一般形式为cache:gitlab:rack::attack:allow2ban:ban:<ip>
4.如果有多个,就看那个ip需要从黑名单移除了
del cache:gitlab:rack::attack:allow2ban:ban:106.101.xx.xxx5.添加白名单(黑名单都移除了,白名单也可以不用了),如果出现错误403,百度发现一堆都是加白名单的方法,不赘述了,参考
https://docs.gitlab.com/ee/security/rack_attack.html#settings
如果ip一直变的话,加白名单也没用,得一直从黑名单删除,如果麻烦,还是不要用ip连接git服务器,用key会方便些
