rack-attack 1.3.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +7 -10
- data/lib/rack/attack/cache.rb +5 -3
- data/lib/rack/attack/version.rb +1 -1
- metadata +3 -3
data/README.md
CHANGED
|
@@ -83,7 +83,11 @@ Note that `req` is a [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/
|
|
|
83
83
|
|
|
84
84
|
## Responses
|
|
85
85
|
|
|
86
|
-
Customize the response of throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
|
|
86
|
+
Customize the response of blacklisted and throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
|
|
87
|
+
|
|
88
|
+
Rack:Attack.blacklisted_response = lambda do |env|
|
|
89
|
+
[ 503, {}, ['Blocked']]
|
|
90
|
+
end
|
|
87
91
|
|
|
88
92
|
Rack:Attack.throttled_response = lambda do |env|
|
|
89
93
|
# name and other data about the matched throttle
|
|
@@ -96,16 +100,9 @@ Customize the response of throttled requests using an object that adheres to the
|
|
|
96
100
|
[ 503, {}, [body]]
|
|
97
101
|
end
|
|
98
102
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
Rack:Attack.blacklisted_response = lambda do |env|
|
|
102
|
-
[ 503, {}, ['Blocked']]
|
|
103
|
-
end
|
|
104
|
-
|
|
105
|
-
For responses that did not exceed a throttle limit, Rack::Attack annotates the environment with match data.
|
|
106
|
-
For example, in out `reqs/ip` throttle above, a matching request would have:
|
|
103
|
+
For responses that did not exceed a throttle limit, Rack::Attack annotates the env with match data:
|
|
107
104
|
|
|
108
|
-
request.env['rack.attack.throttle_data'][
|
|
105
|
+
request.env['rack.attack.throttle_data'][name] # => { :count => n, :period => p, :limit => l }
|
|
109
106
|
|
|
110
107
|
## Logging & Instrumentation
|
|
111
108
|
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -9,11 +9,13 @@ module Rack
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def count(unprefixed_key, period)
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
epoch_time = Time.now.to_i
|
|
13
|
+
expires_in = period - (epoch_time % period)
|
|
14
|
+
key = "#{prefix}:#{epoch_time/period}:#{unprefixed_key}"
|
|
15
|
+
result = store.increment(key, 1, :expires_in => expires_in)
|
|
14
16
|
# NB: Some stores return nil when incrementing uninitialized values
|
|
15
17
|
if result.nil?
|
|
16
|
-
store.write(key, 1)
|
|
18
|
+
store.write(key, 1, :expires_in => expires_in)
|
|
17
19
|
end
|
|
18
20
|
result || 1
|
|
19
21
|
end
|
data/lib/rack/attack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-08-
|
|
12
|
+
date: 2012-08-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
145
145
|
version: '0'
|
|
146
146
|
requirements: []
|
|
147
147
|
rubyforge_project:
|
|
148
|
-
rubygems_version: 1.8.
|
|
148
|
+
rubygems_version: 1.8.23
|
|
149
149
|
signing_key:
|
|
150
150
|
specification_version: 3
|
|
151
151
|
summary: Block & throttle abusive requests
|