Rate limit on Projects API (FREE SELF)
- Introduced in GitLab 15.10 with a flag named
rate_limit_for_unauthenticated_projects_api_access
. Disabled by default.- Enabled on GitLab.com on May 08, 2023.
- Enabled on self-managed in GitLab 16.0 by default.
- Generally available in GitLab 16.0. Feature flag
rate_limit_for_unauthenticated_projects_api_access
removed.
You can configure the rate limit per IP address for unauthenticated requests to the list all projects API.
To change the rate limit:
- On the left sidebar, expand the top-most chevron ({chevron-down}).
- Select Admin Area.
- Select Settings > Network.
- Expand Projects API rate limit.
- In the Maximum requests per 10 minutes per IP address text box, enter the new value.
- Select Save changes.
The rate limit:
- Applies per IP address.
- Doesn't apply to authenticated requests.
- Can be set to 0 to disable rate limiting.
The default value of the rate limit is 400
.
Requests over the rate limit are logged into the auth.log
file.
For example, if you set a limit of 400, unauthenticated requests to the GET /projects
API endpoint that
exceed a rate of 400 within 10 minutes are blocked. Access to the endpoint is restored after ten minutes have elapsed.