Merge branch 'poffey21-master-patch-34415' into 'master'

Add caveat regarding API interactions See merge request gitlab-org/gitlab!59307

Merge branch 'poffey21-master-patch-34415' into 'master'
Add caveat regarding API interactions See merge request gitlab-org/gitlab!59307
37c6d69c · Suzanne Selhorn · cbcfc1f5 · fe9a762a · 37c6d69c
Commit 37c6d69c authored Apr 15, 2021 by Suzanne Selhorn
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/user/group/index.md doc/user/group/index.md +6 -0

No files found.
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -475,6 +475,12 @@ You should consider these security implications before configuring IP address re
 - **Administrators and group owners**: Users with these permission levels can always
  access the group settings, regardless of IP restriction, but they cannot access projects
  belonging to the group when accessing from a disallowed IP address.
+- **GitLab API and runner activities**: Only the [Groups](../../api/groups.md)
+  and [Projects](../../api/projects.md) APIs are protected by IP address restrictions.
+  When you register a runner, it is not bound by the IP restrictions. When the runner
+  requests a new job or an update to a job's state, it is also not bound by
+  the IP restrictions. But when the running CI/CD job sends Git requests from a
+  restricted IP address, the IP restriction prevents code from being cloned.
 To restrict group access by IP address: