Placing GitLab behind Anubis

Mark Seemann mark at ploeh.dk
Tue Jun 17 05:27:41 UTC 2025 

Hi

I'm currently just a lurker here, so my opinion may not count as much as those who actually contribute, but perhaps other readers have the same questions as I do.

- What does 'small' mean? Are we talking about a second of work, minutes, hours?
- Do clients need to install custom software to interact, or is that work done via existing protocols?

TIA

Mark Seemann

-----Original Message-----
From: ghc-devs <ghc-devs-bounces at haskell.org> On Behalf Of Ben Gamari
Sent: 16. juni 2025 23:04
To: GHC developers <ghc-devs at haskell.org>
Subject: Placing GitLab behind Anubis

Hi all,

As you may know, for the last few years we have used a variety of strategies for dealing with the problem of abuse and spam on gitlab.haskell.org. The currently-employed and seemingly most effective technique has been to require manual approval of new account requests.

This has always been an uneasy compromise. Not only does this approval process add considerable friction to the contribution process, the increasing prevalence of ill-behaved web crawlers has rendered the approach less and less effective at prevent that form of abuse.

For this reason we now exploring alternative approaches. One promising strategy employed by other FOSS GitLab deployments (e.g.
gitlab.freedesktop.org) is the Anubis proof-of-work system. Anubis works by forcing the client to perform a small (but non-negligible) amount of work before requests are serviced. This will mean that GitLab users'
clients will periodically be asked to perform small amounts of work.
While Anubis primarily targets crawlers, it may be that the slight increase in per-request cost might also allow us to lift our manual account approval requirement.

Ultimately, the only way to find out is to try. If there are no objections, I will place Anubis in front of GitLab starting next week.
During this process we will assess the effectiveness of Anubis at prevent both spam and over-zealous crawlers. This may require a bit of iterative parameter tuning but I am hopeful that the end result might be a more accessible and faster GitLab instance for us all.

Let me know what you think.

Cheers,

- Ben


[1] https://github.com/TecharoHQ/anubis

More information about the ghc-devs mailing list