Placing GitLab behind Anubis

[Ben Gamari]

Hi all,

As you may know, for the last few years we have used a variety of
strategies for dealing with the problem of abuse and spam on
gitlab.haskell.org. The currently-employed and seemingly most effective
technique has been to require manual approval of new account requests.

This has always been an uneasy compromise. Not only does this approval
process add considerable friction to the contribution process, the
increasing prevalence of ill-behaved web crawlers has rendered the
approach less and less effective at prevent that form of abuse.

For this reason we now exploring alternative approaches. One promising
strategy employed by other FOSS GitLab deployments (e.g.
gitlab.freedesktop.org) is the Anubis proof-of-work system. Anubis works
by forcing the client to perform a small (but non-negligible) amount of
work before requests are serviced. This will mean that GitLab users'
clients will periodically be asked to perform small amounts of work.
While Anubis primarily targets crawlers, it may be that the slight
increase in per-request cost might also allow us to lift our manual
account approval requirement.

Ultimately, the only way to find out is to try. If there are no
objections, I will place Anubis in front of GitLab starting next week.
During this process we will assess the effectiveness of Anubis at
prevent both spam and over-zealous crawlers. This may require a bit of
iterative parameter tuning but I am hopeful that the end result might be
a more accessible and faster GitLab instance for us all.

Let me know what you think.

Cheers,

- Ben


[1] https://github.com/TecharoHQ/anubis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL: <http://mail.haskell.org/pipermail/ghc-devs/attachments/20250616/93bc3917/attachment.sig>