Investigate why gitlab is sending warnings about new sign ons from internal IPs

Audience

Define what is needed, why it is needed and by whom

As a user, I want gitlab-apertispro.boschdevcloud.com to not send me spurious emails about a sign on from a location that can only be internal to the apertispro network, so that my confusion is reduced, and I am less likely to ignore real security warnings.

Background

I received the following email:

Hi EXTERNAL [REDACTED]!

A sign-in to your account has been made from the following IP address: 10.244.4.29

If you recently signed in and recognize the IP address, you may disregard this email.

If you did not recently sign in, you should immediately change your password: https://docs.gitlab.com/ee/user/profile/#changing-your-password. Passwords should be unique and not used for any other sites or services.

To further protect your account, consider configuring a two-factor authentication method: https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html.

-- You're receiving this email because of your account on gitlab-apertispro.boschdevcloud.com.

This was sent immediately after I clicked on a link to a page on this gitlab, which I accessed via SSO (I do not have a password set; I used a PAT for repository access). I am not on the internal network, or any kind of VPN, so this IP cannot possibly legitimately represent my own IP.

Due date

Any specific due date for resolving this task?

Dependencies

External dependencies which are not tasks. Dependencies on other tasks should be added as blockers instead.

Acceptance criteria

Add the high-level goals you want to complete

  • [ ] The cause of the email has been identified.
  • [ ] A task has been created to rectify the issue, which is now understood, and can be at least broadly scoped.

Out of scope

List of items that are specifically not in scope, there should normally be at least one listed

  • Fixing the problem is not in scope.

Outcomes

List here the products and results of this task once completed

Followup activities

The next steps once this task is completed

Management data

This section is for management only, it should be the last one in the description.

Phabricator link: https://phabricator.apertis.org/T9479