- Enable unauthenticated request rate limit for packages API
- Enable authenticated API request rate limit for packages API
Package Registry Rate Limits
With the GitLab Package Registry, you can use GitLab as a private or public registry for a variety of common package managers. You can publish and share packages, which others can consume as a dependency in downstream projects through the Packages API.
If downstream projects frequently download such dependencies, many requests are made through the Packages API. You may therefore reach enforced user and IP rate limits. To address this issue, you can define specific rate limits for the Packages API:
These limits are disabled by default.
When enabled, they supersede the general user and IP rate limits for requests to the Packages API. You can therefore keep the general user and IP rate limits, and increase the rate limits for the Packages API. Besides this precedence, there is no difference in functionality compared to the general user and IP rate limits.
Enable unauthenticated request rate limit for packages API
To enable the unauthenticated request rate limit:
- On the left sidebar, select Search or go to.
- Select Admin Area.
- Select Settings > Network.
- Expand Package registry rate limits.
-
Select Enable unauthenticated request rate limit.
- Optional. Update the Maximum unauthenticated requests per rate limit period per IP value.
Defaults to
800
. - Optional. Update the Unauthenticated rate limit period in seconds value.
Defaults to
15
.
- Optional. Update the Maximum unauthenticated requests per rate limit period per IP value.
Defaults to
Enable authenticated API request rate limit for packages API
To enable the authenticated API request rate limit:
- On the left sidebar, select Search or go to.
- Select Admin Area.
- Select Settings > Network
- Expand Package registry rate limits.
-
Select Enable authenticated API request rate limit.
- Optional. Update the Maximum authenticated API requests per rate limit period per user value.
Defaults to
1000
. - Optional. Update the Authenticated API rate limit period in seconds value.
Defaults to
15
.
- Optional. Update the Maximum authenticated API requests per rate limit period per user value.
Defaults to