rack-attack 2.1.0 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- checksums.yaml +15 -0
- data/README.md +13 -1
- data/lib/rack/attack/cache.rb +1 -2
- data/lib/rack/attack/throttle.rb +3 -2
- data/lib/rack/attack/version.rb +1 -1
- data/spec/spec_helper.rb +6 -2
- metadata +8 -25
checksums.yaml
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
---
|
|
2
|
+
!binary "U0hBMQ==":
|
|
3
|
+
metadata.gz: !binary |-
|
|
4
|
+
ZmExMGQ3ZWEwMTBlMWY1N2ViNjgyMDM0YTI5Njc4ODQzZjU0NmQ3MQ==
|
|
5
|
+
data.tar.gz: !binary |-
|
|
6
|
+
MDJmYTBjNWE4NTAzNzQ0Yjg1MjQ4MWE5ZDE1YzU4OWU4YTkxZDBkMA==
|
|
7
|
+
!binary "U0hBNTEy":
|
|
8
|
+
metadata.gz: !binary |-
|
|
9
|
+
ZDJmYWJjMzhhYTdkZTYxMjM0ZDY2OGQ0ZjA2NzQ2ZGU2YTBiOWY2N2EwYTA2
|
|
10
|
+
MGIzNTBiMjAwMDhhYWE2YzMyZTI0OTk3MGM5MjU4NmQzYTc4YzdmNDYxNzcx
|
|
11
|
+
OTljOTVjNGE4YTQ1ZDQyMzY2MDdiMjUyZGFhNjFjNzc0NDBiZWQ=
|
|
12
|
+
data.tar.gz: !binary |-
|
|
13
|
+
Y2E5NGViNGQxMGFmMTM0ZWM2N2YzYWQ4Yjg4ZTkyMDdkNTY5NGVjOWUwNzEx
|
|
14
|
+
M2ViYWJlZWFiNTcxNGIwODk0Nzk5MDY5YjA5N2Y2MjE5ZjYxYTkzNzcyMWFk
|
|
15
|
+
NjQ4YzVhZGY0N2U2NzE1NjQwODkyYzIzMDFmZDMxYmM0ZmVlM2U=
|
data/README.md
CHANGED
|
@@ -154,6 +154,18 @@ You can subscribe to 'rack.attack' events and log it, graph it, etc:
|
|
|
154
154
|
puts req.inspect
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
+
## Performance
|
|
158
|
+
|
|
159
|
+
The overhead of running Rack::Attack is typically negligible (a few milliseconds per request),
|
|
160
|
+
but it depends on how many checks you've configured, and how long they take.
|
|
161
|
+
Throttles usually require a network roundtrip to your cache server(s),
|
|
162
|
+
so try to keep the number of throttle checks per request low.
|
|
163
|
+
|
|
164
|
+
If a request is blacklisted or throttled, the response is a very simple Rack response.
|
|
165
|
+
A single typical ruby web server thread can block several hundred requests per second.
|
|
166
|
+
|
|
167
|
+
Rack::Attack complements tools like `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
|
|
168
|
+
|
|
157
169
|
## Motivation
|
|
158
170
|
|
|
159
171
|
Abusive clients range from malicious login crackers to naively-written scrapers.
|
|
@@ -164,7 +176,7 @@ It is impractical if not impossible to block abusive clients completely.
|
|
|
164
176
|
Rack::Attack aims to let developers quickly mitigate abusive requests and rely
|
|
165
177
|
less on short-term, one-off hacks to block a particular attack.
|
|
166
178
|
|
|
167
|
-
|
|
179
|
+
See also: the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients) introducing Rack::Attack.
|
|
168
180
|
|
|
169
181
|
[](https://travis-ci.org/kickstarter/rack-attack)
|
|
170
182
|
[](https://codeclimate.com/github/kickstarter/rack-attack)
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -12,13 +12,12 @@ module Rack
|
|
|
12
12
|
attr_reader :store
|
|
13
13
|
def store=(store)
|
|
14
14
|
# RedisStore#increment needs different behavior, so detect that
|
|
15
|
-
# (method has an arity of 2; must call #expire
|
|
15
|
+
# (method has an arity of 2; must call #expire separately
|
|
16
16
|
if defined?(::ActiveSupport::Cache::RedisStore) && store.is_a?(::ActiveSupport::Cache::RedisStore)
|
|
17
17
|
# ActiveSupport::Cache::RedisStore doesn't expose any way to set an expiry,
|
|
18
18
|
# so use the raw Redis::Store instead
|
|
19
19
|
@store = store.instance_variable_get(:@data)
|
|
20
20
|
else
|
|
21
|
-
@redis_store = false
|
|
22
21
|
@store = store
|
|
23
22
|
end
|
|
24
23
|
end
|
data/lib/rack/attack/throttle.rb
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
module Rack
|
|
2
2
|
module Attack
|
|
3
3
|
class Throttle
|
|
4
|
+
MANDATORY_OPTIONS = [:limit, :period]
|
|
4
5
|
attr_reader :name, :limit, :period, :block
|
|
5
6
|
def initialize(name, options, block)
|
|
6
7
|
@name, @block = name, block
|
|
7
|
-
|
|
8
|
+
MANDATORY_OPTIONS.each do |opt|
|
|
8
9
|
raise ArgumentError.new("Must pass #{opt.inspect} option") unless options[opt]
|
|
9
10
|
end
|
|
10
11
|
@limit = options[:limit]
|
|
11
|
-
@period = options[:period]
|
|
12
|
+
@period = options[:period].to_i
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def cache
|
data/lib/rack/attack/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
|
@@ -4,11 +4,15 @@ require "bundler/setup"
|
|
|
4
4
|
require "minitest/autorun"
|
|
5
5
|
require "minitest/pride"
|
|
6
6
|
require "rack/test"
|
|
7
|
-
require 'debugger'
|
|
8
7
|
require 'active_support'
|
|
9
|
-
|
|
10
8
|
require "rack/attack"
|
|
11
9
|
|
|
10
|
+
begin
|
|
11
|
+
require 'debugger'
|
|
12
|
+
rescue LoadError
|
|
13
|
+
#nothing to do here
|
|
14
|
+
end
|
|
15
|
+
|
|
12
16
|
class Minitest::Spec
|
|
13
17
|
|
|
14
18
|
include Rack::Test::Methods
|
metadata
CHANGED
|
@@ -1,20 +1,18 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 2.1.1
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Aaron Suggs
|
|
9
8
|
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
11
|
+
date: 2013-05-16 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: rack
|
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
-
none: false
|
|
18
16
|
requirements:
|
|
19
17
|
- - ! '>='
|
|
20
18
|
- !ruby/object:Gem::Version
|
|
@@ -22,7 +20,6 @@ dependencies:
|
|
|
22
20
|
type: :runtime
|
|
23
21
|
prerelease: false
|
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
-
none: false
|
|
26
23
|
requirements:
|
|
27
24
|
- - ! '>='
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
@@ -30,7 +27,6 @@ dependencies:
|
|
|
30
27
|
- !ruby/object:Gem::Dependency
|
|
31
28
|
name: minitest
|
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
-
none: false
|
|
34
30
|
requirements:
|
|
35
31
|
- - ! '>='
|
|
36
32
|
- !ruby/object:Gem::Version
|
|
@@ -38,7 +34,6 @@ dependencies:
|
|
|
38
34
|
type: :development
|
|
39
35
|
prerelease: false
|
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
-
none: false
|
|
42
37
|
requirements:
|
|
43
38
|
- - ! '>='
|
|
44
39
|
- !ruby/object:Gem::Version
|
|
@@ -46,7 +41,6 @@ dependencies:
|
|
|
46
41
|
- !ruby/object:Gem::Dependency
|
|
47
42
|
name: rack-test
|
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
-
none: false
|
|
50
44
|
requirements:
|
|
51
45
|
- - ! '>='
|
|
52
46
|
- !ruby/object:Gem::Version
|
|
@@ -54,7 +48,6 @@ dependencies:
|
|
|
54
48
|
type: :development
|
|
55
49
|
prerelease: false
|
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
none: false
|
|
58
51
|
requirements:
|
|
59
52
|
- - ! '>='
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
@@ -62,7 +55,6 @@ dependencies:
|
|
|
62
55
|
- !ruby/object:Gem::Dependency
|
|
63
56
|
name: rake
|
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
|
65
|
-
none: false
|
|
66
58
|
requirements:
|
|
67
59
|
- - ! '>='
|
|
68
60
|
- !ruby/object:Gem::Version
|
|
@@ -70,7 +62,6 @@ dependencies:
|
|
|
70
62
|
type: :development
|
|
71
63
|
prerelease: false
|
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
-
none: false
|
|
74
65
|
requirements:
|
|
75
66
|
- - ! '>='
|
|
76
67
|
- !ruby/object:Gem::Version
|
|
@@ -78,7 +69,6 @@ dependencies:
|
|
|
78
69
|
- !ruby/object:Gem::Dependency
|
|
79
70
|
name: activesupport
|
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
|
81
|
-
none: false
|
|
82
72
|
requirements:
|
|
83
73
|
- - ! '>='
|
|
84
74
|
- !ruby/object:Gem::Version
|
|
@@ -86,7 +76,6 @@ dependencies:
|
|
|
86
76
|
type: :development
|
|
87
77
|
prerelease: false
|
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
-
none: false
|
|
90
79
|
requirements:
|
|
91
80
|
- - ! '>='
|
|
92
81
|
- !ruby/object:Gem::Version
|
|
@@ -94,23 +83,20 @@ dependencies:
|
|
|
94
83
|
- !ruby/object:Gem::Dependency
|
|
95
84
|
name: debugger
|
|
96
85
|
requirement: !ruby/object:Gem::Requirement
|
|
97
|
-
none: false
|
|
98
86
|
requirements:
|
|
99
87
|
- - ~>
|
|
100
88
|
- !ruby/object:Gem::Version
|
|
101
|
-
version: 1.
|
|
89
|
+
version: '1.5'
|
|
102
90
|
type: :development
|
|
103
91
|
prerelease: false
|
|
104
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
-
none: false
|
|
106
93
|
requirements:
|
|
107
94
|
- - ~>
|
|
108
95
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 1.
|
|
96
|
+
version: '1.5'
|
|
110
97
|
- !ruby/object:Gem::Dependency
|
|
111
98
|
name: redis-activesupport
|
|
112
99
|
requirement: !ruby/object:Gem::Requirement
|
|
113
|
-
none: false
|
|
114
100
|
requirements:
|
|
115
101
|
- - ! '>='
|
|
116
102
|
- !ruby/object:Gem::Version
|
|
@@ -118,7 +104,6 @@ dependencies:
|
|
|
118
104
|
type: :development
|
|
119
105
|
prerelease: false
|
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
none: false
|
|
122
107
|
requirements:
|
|
123
108
|
- - ! '>='
|
|
124
109
|
- !ruby/object:Gem::Version
|
|
@@ -126,7 +111,6 @@ dependencies:
|
|
|
126
111
|
- !ruby/object:Gem::Dependency
|
|
127
112
|
name: dalli
|
|
128
113
|
requirement: !ruby/object:Gem::Requirement
|
|
129
|
-
none: false
|
|
130
114
|
requirements:
|
|
131
115
|
- - ! '>='
|
|
132
116
|
- !ruby/object:Gem::Version
|
|
@@ -134,7 +118,6 @@ dependencies:
|
|
|
134
118
|
type: :development
|
|
135
119
|
prerelease: false
|
|
136
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
137
|
-
none: false
|
|
138
121
|
requirements:
|
|
139
122
|
- - ! '>='
|
|
140
123
|
- !ruby/object:Gem::Version
|
|
@@ -162,28 +145,27 @@ files:
|
|
|
162
145
|
- spec/spec_helper.rb
|
|
163
146
|
homepage: http://github.com/kickstarter/rack-attack
|
|
164
147
|
licenses: []
|
|
148
|
+
metadata: {}
|
|
165
149
|
post_install_message:
|
|
166
150
|
rdoc_options:
|
|
167
151
|
- --charset=UTF-8
|
|
168
152
|
require_paths:
|
|
169
153
|
- lib
|
|
170
154
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
171
|
-
none: false
|
|
172
155
|
requirements:
|
|
173
156
|
- - ! '>='
|
|
174
157
|
- !ruby/object:Gem::Version
|
|
175
158
|
version: 1.9.3
|
|
176
159
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
177
|
-
none: false
|
|
178
160
|
requirements:
|
|
179
161
|
- - ! '>='
|
|
180
162
|
- !ruby/object:Gem::Version
|
|
181
163
|
version: '0'
|
|
182
164
|
requirements: []
|
|
183
165
|
rubyforge_project:
|
|
184
|
-
rubygems_version:
|
|
166
|
+
rubygems_version: 2.0.3
|
|
185
167
|
signing_key:
|
|
186
|
-
specification_version:
|
|
168
|
+
specification_version: 4
|
|
187
169
|
summary: Block & throttle abusive requests
|
|
188
170
|
test_files:
|
|
189
171
|
- spec/rack_attack_cache_spec.rb
|
|
@@ -191,3 +173,4 @@ test_files:
|
|
|
191
173
|
- spec/rack_attack_throttle_spec.rb
|
|
192
174
|
- spec/rack_attack_track_spec.rb
|
|
193
175
|
- spec/spec_helper.rb
|
|
176
|
+
has_rdoc:
|