rack-attack 2.1.0 → 2.1.1

Potentially problematic release.


This version of rack-attack might be problematic.

checksums.yaml ADDED
@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ ZmExMGQ3ZWEwMTBlMWY1N2ViNjgyMDM0YTI5Njc4ODQzZjU0NmQ3MQ==
5
+ data.tar.gz: !binary |-
6
+ MDJmYTBjNWE4NTAzNzQ0Yjg1MjQ4MWE5ZDE1YzU4OWU4YTkxZDBkMA==
7
+ !binary "U0hBNTEy":
8
+ metadata.gz: !binary |-
9
+ ZDJmYWJjMzhhYTdkZTYxMjM0ZDY2OGQ0ZjA2NzQ2ZGU2YTBiOWY2N2EwYTA2
10
+ MGIzNTBiMjAwMDhhYWE2YzMyZTI0OTk3MGM5MjU4NmQzYTc4YzdmNDYxNzcx
11
+ OTljOTVjNGE4YTQ1ZDQyMzY2MDdiMjUyZGFhNjFjNzc0NDBiZWQ=
12
+ data.tar.gz: !binary |-
13
+ Y2E5NGViNGQxMGFmMTM0ZWM2N2YzYWQ4Yjg4ZTkyMDdkNTY5NGVjOWUwNzEx
14
+ M2ViYWJlZWFiNTcxNGIwODk0Nzk5MDY5YjA5N2Y2MjE5ZjYxYTkzNzcyMWFk
15
+ NjQ4YzVhZGY0N2U2NzE1NjQwODkyYzIzMDFmZDMxYmM0ZmVlM2U=
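Review bot: The SHA1 and SHA512 digests in the added checksums.yaml (the base64 keys decode to those two names) are shipped inside the same package they describe, so they detect a corrupted download but not a replaced package. The metadata further down shows `cert_chain: []` and a blank `signing_key:`, so the gem is also unsigned. Consumers who need integrity should compare the package against a digest obtained from a separate source, and the project could sign its releases.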
data/README.md CHANGED
@@ -154,6 +154,18 @@ You can subscribe to 'rack.attack' events and log it, graph it, etc:
154
154
  puts req.inspect
155
155
  end
156
156
 
157
+ ## Performance
158
+
159
+ The overhead of running Rack::Attack is typically negligible (a few milliseconds per request),
160
+ but it depends on how many checks you've configured, and how long they take.
161
+ Throttles usually require a network roundtrip to your cache server(s),
162
+ so try to keep the number of throttle checks per request low.
163
+
164
+ If a request is blacklisted or throttled, the response is a very simple Rack response.
165
+ A single typical ruby web server thread can block several hundred requests per second.
166
+
167
+ Rack::Attack complements tools like `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
168
+
157
169
  ## Motivation
158
170
 
159
171
  Abusive clients range from malicious login crackers to naively-written scrapers.
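Review bot: The new Performance section says throttles need a network roundtrip to the cache server(s) but does not say what happens to requests when that cache is slow or unreachable. Document whether a failed check lets the request through or rejects it, since that decides whether a cache outage turns into a site outage or into a window with no throttling. The figures "a few milliseconds per request" and "several hundred requests per second" would also be easier to rely on with a note on how they were measured.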
@@ -164,7 +176,7 @@ It is impractical if not impossible to block abusive clients completely.
164
176
  Rack::Attack aims to let developers quickly mitigate abusive requests and rely
165
177
  less on short-term, one-off hacks to block a particular attack.
166
178
 
167
- Rack::Attack complements tools like iptables and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
179
+ See also: the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients) introducing Rack::Attack.
168
180
 
169
181
  [![Build Status](https://travis-ci.org/kickstarter/rack-attack.png?branch=master)](https://travis-ci.org/kickstarter/rack-attack)
170
182
  [![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.png)](https://codeclimate.com/github/kickstarter/rack-attack)
@@ -12,13 +12,12 @@ module Rack
12
12
  attr_reader :store
13
13
  def store=(store)
14
14
  # RedisStore#increment needs different behavior, so detect that
15
- # (method has an arity of 2; must call #expire seperately
15
+ # (method has an arity of 2; must call #expire separately
16
16
  if defined?(::ActiveSupport::Cache::RedisStore) && store.is_a?(::ActiveSupport::Cache::RedisStore)
17
17
  # ActiveSupport::Cache::RedisStore doesn't expose any way to set an expiry,
18
18
  # so use the raw Redis::Store instead
19
19
  @store = store.instance_variable_get(:@data)
20
20
  else
21
- @redis_store = false
22
21
  @store = store
23
22
  end
24
23
  end
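Review bot: `store.instance_variable_get(:@data)` on new line 19 depends on a private instance variable of `ActiveSupport::Cache::RedisStore` and returns nil if that variable is absent, which would leave `@store` nil with no error at configuration time. Raise when the result is nil so a store that cannot be unwrapped fails in `store=` instead of surfacing later during request handling. Removing `@redis_store = false` is safe only if nothing else reads `@redis_store`, which this hunk does not show, and the corrected comment on line 15 still lacks its closing parenthesis.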
@@ -1,14 +1,15 @@
1
1
  module Rack
2
2
  module Attack
3
3
  class Throttle
4
+ MANDATORY_OPTIONS = [:limit, :period]
4
5
  attr_reader :name, :limit, :period, :block
5
6
  def initialize(name, options, block)
6
7
  @name, @block = name, block
7
- [:limit, :period].each do |opt|
8
+ MANDATORY_OPTIONS.each do |opt|
8
9
  raise ArgumentError.new("Must pass #{opt.inspect} option") unless options[opt]
9
10
  end
10
11
  @limit = options[:limit]
11
- @period = options[:period]
12
+ @period = options[:period].to_i
12
13
  end
13
14
 
14
15
  def cache
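Review bot: On the new `@period = options[:period].to_i` line, the coercion runs after the presence check, so a value that is truthy but not a positive integer (for example `0.5`, or a non-numeric string) passes `unless options[opt]` and is stored as 0. Validate after coercing, for instance by raising ArgumentError unless `@period > 0`, so a throttle cannot be created with a zero-length period. `:limit` is stored with no coercion or type check at all, and `MANDATORY_OPTIONS` could be frozen.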
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Attack
3
- VERSION = '2.1.0'
3
+ VERSION = '2.1.1'
4
4
  end
5
5
  end
data/spec/spec_helper.rb CHANGED
@@ -4,11 +4,15 @@ require "bundler/setup"
4
4
  require "minitest/autorun"
5
5
  require "minitest/pride"
6
6
  require "rack/test"
7
- require 'debugger'
8
7
  require 'active_support'
9
-
10
8
  require "rack/attack"
11
9
 
10
+ begin
11
+ require 'debugger'
12
+ rescue LoadError
13
+ #nothing to do here
14
+ end
15
+
12
16
  class Minitest::Spec
13
17
 
14
18
  include Rack::Test::Methods
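Review bot: The `rescue LoadError` around `require 'debugger'` discards the error with only `#nothing to do here` as explanation. Say in the comment why the require is allowed to fail, and since debugger is still declared as a development dependency in the gem metadata, consider whether the spec helper should load it at all instead of leaving it to whoever is debugging.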
metadata CHANGED
@@ -1,20 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-attack
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
5
- prerelease:
4
+ version: 2.1.1
6
5
  platform: ruby
7
6
  authors:
8
7
  - Aaron Suggs
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2013-03-05 00:00:00.000000000 Z
11
+ date: 2013-05-16 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: rack
16
15
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
16
  requirements:
19
17
  - - ! '>='
20
18
  - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
22
20
  type: :runtime
23
21
  prerelease: false
24
22
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
23
  requirements:
27
24
  - - ! '>='
28
25
  - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
30
27
  - !ruby/object:Gem::Dependency
31
28
  name: minitest
32
29
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
30
  requirements:
35
31
  - - ! '>='
36
32
  - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
38
34
  type: :development
39
35
  prerelease: false
40
36
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
37
  requirements:
43
38
  - - ! '>='
44
39
  - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
46
41
  - !ruby/object:Gem::Dependency
47
42
  name: rack-test
48
43
  requirement: !ruby/object:Gem::Requirement
49
- none: false
50
44
  requirements:
51
45
  - - ! '>='
52
46
  - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
54
48
  type: :development
55
49
  prerelease: false
56
50
  version_requirements: !ruby/object:Gem::Requirement
57
- none: false
58
51
  requirements:
59
52
  - - ! '>='
60
53
  - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
62
55
  - !ruby/object:Gem::Dependency
63
56
  name: rake
64
57
  requirement: !ruby/object:Gem::Requirement
65
- none: false
66
58
  requirements:
67
59
  - - ! '>='
68
60
  - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
70
62
  type: :development
71
63
  prerelease: false
72
64
  version_requirements: !ruby/object:Gem::Requirement
73
- none: false
74
65
  requirements:
75
66
  - - ! '>='
76
67
  - !ruby/object:Gem::Version
@@ -78,7 +69,6 @@ dependencies:
78
69
  - !ruby/object:Gem::Dependency
79
70
  name: activesupport
80
71
  requirement: !ruby/object:Gem::Requirement
81
- none: false
82
72
  requirements:
83
73
  - - ! '>='
84
74
  - !ruby/object:Gem::Version
@@ -86,7 +76,6 @@ dependencies:
86
76
  type: :development
87
77
  prerelease: false
88
78
  version_requirements: !ruby/object:Gem::Requirement
89
- none: false
90
79
  requirements:
91
80
  - - ! '>='
92
81
  - !ruby/object:Gem::Version
@@ -94,23 +83,20 @@ dependencies:
94
83
  - !ruby/object:Gem::Dependency
95
84
  name: debugger
96
85
  requirement: !ruby/object:Gem::Requirement
97
- none: false
98
86
  requirements:
99
87
  - - ~>
100
88
  - !ruby/object:Gem::Version
101
- version: 1.1.3
89
+ version: '1.5'
102
90
  type: :development
103
91
  prerelease: false
104
92
  version_requirements: !ruby/object:Gem::Requirement
105
- none: false
106
93
  requirements:
107
94
  - - ~>
108
95
  - !ruby/object:Gem::Version
109
- version: 1.1.3
96
+ version: '1.5'
110
97
  - !ruby/object:Gem::Dependency
111
98
  name: redis-activesupport
112
99
  requirement: !ruby/object:Gem::Requirement
113
- none: false
114
100
  requirements:
115
101
  - - ! '>='
116
102
  - !ruby/object:Gem::Version
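Review bot: The debugger constraint changes from `~> 1.1.3` to `~> 1.5` in both `requirement` and `version_requirements`, which widens it from patch releases of 1.1 to any 1.x release from 1.5 up, and nothing in the visible diff explains why. It is a development dependency, so the runtime impact is nil, but the reason for the bump belongs in the changelog or commit message so that the looser range is a recorded decision.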
@@ -118,7 +104,6 @@ dependencies:
118
104
  type: :development
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
- none: false
122
107
  requirements:
123
108
  - - ! '>='
124
109
  - !ruby/object:Gem::Version
@@ -126,7 +111,6 @@ dependencies:
126
111
  - !ruby/object:Gem::Dependency
127
112
  name: dalli
128
113
  requirement: !ruby/object:Gem::Requirement
129
- none: false
130
114
  requirements:
131
115
  - - ! '>='
132
116
  - !ruby/object:Gem::Version
@@ -134,7 +118,6 @@ dependencies:
134
118
  type: :development
135
119
  prerelease: false
136
120
  version_requirements: !ruby/object:Gem::Requirement
137
- none: false
138
121
  requirements:
139
122
  - - ! '>='
140
123
  - !ruby/object:Gem::Version
@@ -162,28 +145,27 @@ files:
162
145
  - spec/spec_helper.rb
163
146
  homepage: http://github.com/kickstarter/rack-attack
164
147
  licenses: []
148
+ metadata: {}
165
149
  post_install_message:
166
150
  rdoc_options:
167
151
  - --charset=UTF-8
168
152
  require_paths:
169
153
  - lib
170
154
  required_ruby_version: !ruby/object:Gem::Requirement
171
- none: false
172
155
  requirements:
173
156
  - - ! '>='
174
157
  - !ruby/object:Gem::Version
175
158
  version: 1.9.3
176
159
  required_rubygems_version: !ruby/object:Gem::Requirement
177
- none: false
178
160
  requirements:
179
161
  - - ! '>='
180
162
  - !ruby/object:Gem::Version
181
163
  version: '0'
182
164
  requirements: []
183
165
  rubyforge_project:
184
- rubygems_version: 1.8.24
166
+ rubygems_version: 2.0.3
185
167
  signing_key:
186
- specification_version: 3
168
+ specification_version: 4
187
169
  summary: Block & throttle abusive requests
188
170
  test_files:
189
171
  - spec/rack_attack_cache_spec.rb
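Review bot: `licenses: []` and the blank `signing_key:` pass through this hunk unchanged, so 2.1.1 still declares no license and, together with `cert_chain: []` earlier in the metadata, is published unsigned. Set a license in the gemspec and consider signing releases. The `rubygems_version` change from 1.8.24 to 2.0.3 is consistent with the `none: false` removals, the new `metadata: {}` key and the `specification_version` bump from 3 to 4, so those lines look like build-tool churn and not project changes.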
@@ -191,3 +173,4 @@ test_files:
191
173
  - spec/rack_attack_throttle_spec.rb
192
174
  - spec/rack_attack_track_spec.rb
193
175
  - spec/spec_helper.rb
176
+ has_rdoc: