rack-attack 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +17 -18
- data/lib/rack/attack.rb +5 -2
- data/lib/rack/attack/version.rb +1 -1
- metadata +1 -1
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Rack::Attack!!!
|
|
2
|
-
A DSL for blocking & thottling abusive clients
|
|
2
|
+
*A DSL for blocking & thottling abusive clients*
|
|
3
3
|
|
|
4
4
|
Rack::Attack is a rack middleware to protect your web app from bad clients.
|
|
5
5
|
It allows *whitelisting*, *blacklisting*, and *thottling* based on arbitrary properties of the request.
|
|
@@ -8,9 +8,10 @@ Thottle state is stored in a configurable cache (e.g. `Rails.cache`), presumably
|
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler:
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
# In your Gemfile
|
|
14
|
+
gem 'rack-attack'
|
|
14
15
|
|
|
15
16
|
Tell your app to use the Rack::Attack middleware.
|
|
16
17
|
For Rails 3 apps:
|
|
@@ -18,22 +19,23 @@ For Rails 3 apps:
|
|
|
18
19
|
# In config/application.rb
|
|
19
20
|
config.middleware.use Rack::Attack
|
|
20
21
|
|
|
21
|
-
Or
|
|
22
|
+
Or for Rackup files:
|
|
22
23
|
|
|
24
|
+
# In config.ru
|
|
23
25
|
use Rack::Attack
|
|
24
26
|
|
|
25
27
|
Optionally configure the cache store for throttling:
|
|
26
28
|
|
|
27
|
-
Rack::Attack.cache.store =
|
|
29
|
+
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new # defaults to Rails.cache
|
|
28
30
|
|
|
29
|
-
Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting.
|
|
31
|
+
Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting. Your cache store must implement `increment` and `write` like [ActiveSupport::Cache::Store](http://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html).
|
|
30
32
|
|
|
31
33
|
## How it works
|
|
32
34
|
|
|
33
|
-
The Rack::Attack middleware
|
|
35
|
+
The Rack::Attack middleware compares each request against *whitelists*, *blacklists*, and *throttles* that you define. There are none by default.
|
|
34
36
|
|
|
35
|
-
* If the request matches any whitelist,
|
|
36
|
-
* If the request matches any blacklist,
|
|
37
|
+
* If the request matches any whitelist, it is allowed. Blacklists and throttles are not checked.
|
|
38
|
+
* If the request matches any blacklist, it is blocked. Throttles are not checked.
|
|
37
39
|
* If the request matches any throttle, a counter is incremented in the Rack::Attack.cache. If the throttle limit is exceeded, the request is blocked and further throttles are not checked.
|
|
38
40
|
|
|
39
41
|
## Usage
|
|
@@ -83,17 +85,18 @@ Customize the response of throttled requests using an object that adheres to the
|
|
|
83
85
|
|
|
84
86
|
Rack:Attack.throttled_response = lambda do |env|
|
|
85
87
|
# name and other data about the matched throttle
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
88
|
+
body = [
|
|
89
|
+
env['rack.attack.matched'],
|
|
90
|
+
env['rack.attack.match_type'],
|
|
91
|
+
env['rack.attack.match_data']
|
|
92
|
+
].inspect
|
|
89
93
|
|
|
90
|
-
[ 503, {}, [
|
|
94
|
+
[ 503, {}, [body]]
|
|
91
95
|
end
|
|
92
96
|
|
|
93
97
|
Similarly for blacklisted responses:
|
|
94
98
|
|
|
95
99
|
Rack:Attack.blacklisted_response = lambda do |env|
|
|
96
|
-
env['rack.attack.blacklisted'] # name of the matched blacklist
|
|
97
100
|
[ 503, {}, ['Blocked']]
|
|
98
101
|
end
|
|
99
102
|
|
|
@@ -119,10 +122,6 @@ less on short-term, one-off hacks to block a particular attack.
|
|
|
119
122
|
|
|
120
123
|
Rack::Attack complements `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
|
|
121
124
|
|
|
122
|
-
## Thanks
|
|
123
|
-
|
|
124
|
-
Thanks to [Kickstarter](https://github.com/kickstarter) for sponsoring Rack::Attack development
|
|
125
|
-
|
|
126
125
|
[](http://travis-ci.org/ktheory/rack-attack)
|
|
127
126
|
|
|
128
127
|
## License
|
data/lib/rack/attack.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Rack::Attack
|
|
|
7
7
|
|
|
8
8
|
class << self
|
|
9
9
|
|
|
10
|
-
attr_accessor :
|
|
10
|
+
attr_accessor :notifier, :blacklisted_response, :throttled_response
|
|
11
11
|
|
|
12
12
|
def whitelist(name, &block)
|
|
13
13
|
self.whitelists[name] = Whitelist.new(name, block)
|
|
@@ -29,7 +29,6 @@ module Rack::Attack
|
|
|
29
29
|
@app = app
|
|
30
30
|
|
|
31
31
|
# Set defaults
|
|
32
|
-
@cache ||= Cache.new
|
|
33
32
|
@notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
|
34
33
|
@blacklisted_response ||= lambda {|env| [503, {}, ['Blocked']] }
|
|
35
34
|
@throttled_response ||= lambda {|env|
|
|
@@ -78,6 +77,10 @@ module Rack::Attack
|
|
|
78
77
|
notifier.instrument('rack.attack', req) if notifier
|
|
79
78
|
end
|
|
80
79
|
|
|
80
|
+
def cache
|
|
81
|
+
@cache ||= Cache.new
|
|
82
|
+
end
|
|
83
|
+
|
|
81
84
|
def clear!
|
|
82
85
|
@whitelists, @blacklists, @throttles = {}, {}, {}
|
|
83
86
|
end
|
data/lib/rack/attack/version.rb
CHANGED