429 on first push

I have been getting 429 on push and pull requests quite often. I also got this today as I logged in to the forum. When on the web, there is a request to report this, so I am a bit surprised that there isn’t already a thread about it. My collaborator is experiencing the same thing, so it isn’t just me.

429 means that you’re rate limited by HAProxy.

The default request limits are usually so generous that it shouldn’t affect daily use. There are multiple jails. Some of them become active if you have repeated failed/invalid requests (4xx). Can you check in your browser devtools if you see such when browsing the web interface or the forum?

If your IP is 185.238.xxx: this one is currently in both haproxy-badreq and haproxy-scanner jails:

Repeated failed requests to avatar endpoints:

  • /avatar/a3878d8d76f8215b1e9e9d45fb83cd89?size=48 → HTTP 400
  • /avatar/a3878d8d76f8215b1e9e9d45fb83cd89?size=56 → HTTP 400
  • /issues → HTTP 400

If this is not your IP, please send the problematic IP via DM here and we’ll have a look.

Another possible reason might be the use of a central VPN, which might exceed the limits for a single IP through accumulated usage by multiple users.

I’m not using a VPN and my IP is not in that range. I get this error using GitKraken and don’t really know how to see that from GitKraken. Today I am only getting this error from GitKraken and not from Safari. Last time it was both.

Ok, now I get it all the time from GitKraken and some of the time in Safari.

Alright thanks, that already helps a bit to understand where the requests come from.

To diagnose further, you’d need to share your IP with us so we can check it against the logs. You can do so by clicking on the user’s profile and then using “Message”.

I assume GitKraken might do some requests that lead to 4xx. As it comes from the same IP, this also then impacts any interaction with the platform, e.g. browsing the UI via Safari.

We’ve inspected what caused the IP 213.xxx to be rate limited:

  • GitKraken is running periodic git fetches every minute
  • Some of these are unauthenticated, which results in a 401; this is then retried a few times, quickly resulting in a 429 ban

The underlying reason is that Git HTTP auth always does a 401-then-authenticate dance:

  1. Client sends unauthenticated request → gets 401
  2. Client resends with credentials → gets 200

This is “normal” behavior but the 401 requests will be counted towards the jails looking for failed requests within a certain time period.

We have now adjusted the config so that git-based 401 responses are treated more gently. What might help in addition is to check (and if missing configure) local git credential caching (git config credential.helper cache). This should avoid the “authentication dance” from git for every request as it should make use of the credential cache.

Please check again and report your experiences!
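To illustrate the mechanism described in the post above, here is an added example (not the platform's HAProxy or jail configuration): a sliding-window counter of 4xx responses per IP, run over constructed traffic, showing how a once-a-minute fetch with the 401 challenge reaches a ban and how weighting git 401s lower avoids it. The thresholds, the weight, the paths and the IPs are all assumptions.

```python
import re
from collections import defaultdict, deque

# Git smart-HTTP endpoints: every authenticated request here starts with a 401.
GIT_PATH = re.compile(r"/(info/refs|git-upload-pack|git-receive-pack)(\?|$)")

def banned_ips(events, max_score=5, window=600, git_401_weight=1.0):
    """events: (epoch_seconds, ip, path, status) tuples sorted by time.
    Each 4xx adds 1 to the IP's score (git 401s add git_401_weight); an IP is
    banned when its score inside the sliding window exceeds max_score.
    Returns {ip: time_of_ban}. All thresholds are assumed values."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, weight)
    bans = {}
    for ts, ip, path, status in events:
        if ip in bans or not 400 <= status < 500:
            continue
        is_git_challenge = status == 401 and GIT_PATH.search(path)
        q = recent[ip]
        q.append((ts, git_401_weight if is_git_challenge else 1.0))
        while q[0][0] <= ts - window:   # drop entries older than the window
            q.popleft()
        if sum(w for _, w in q) > max_score:
            bans[ip] = ts
    return bans

def sample_events():
    """Constructed traffic, not real logs."""
    refs = "/org/repo.git/info/refs?service=git-upload-pack"
    events = []
    for i in range(10):           # GUI client: one fetch per minute, 401 then 200
        events += [(i * 60, "198.51.100.7", refs, 401),
                   (i * 60 + 1, "198.51.100.7", refs, 200)]
    for i in range(8):            # client hammering an endpoint that returns 400
        events.append((i * 5, "203.0.113.9", f"/avatar/{i}?size=48", 400))
    return sorted(events)

if __name__ == "__main__":
    print(banned_ips(sample_events()))                      # both IPs banned
    print(banned_ips(sample_events(), git_401_weight=0.1))  # only 203.0.113.9
```

With the default weight, the well-behaved git client is banned on its sixth fetch even though every fetch succeeded after the challenge.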

Thank you for your help. This explains a lot. GitKraken does not have an obvious way to turn on local git credential hashing without turning off the credential manager in GitKraken completely. I will look into this further on, but for now I turned off the periodic fetches instead.

I will report back if I have any more issues with this. Thank you again for the assistance.