rack-attack 2.2.0 → 2.2.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +5 -1
- data/lib/rack/attack.rb +2 -2
- data/lib/rack/attack/version.rb +1 -1
- data/spec/fail2ban_spec.rb +4 -4
- data/spec/rack_attack_spec.rb +1 -1
- data/spec/rack_attack_throttle_spec.rb +1 -1
- metadata +34 -55
- checksums.yaml +0 -7
data/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
Rack::Attack is a rack middleware to protect your web app from bad clients.
|
|
5
5
|
It allows *whitelisting*, *blacklisting*, *throttling*, and *tracking* based on arbitrary properties of the request.
|
|
6
6
|
|
|
7
|
-
Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis.
|
|
7
|
+
Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis (at least v3.0.0).
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
@@ -165,6 +165,8 @@ Customize the response of blacklisted and throttled requests using an object tha
|
|
|
165
165
|
|
|
166
166
|
```ruby
|
|
167
167
|
Rack::Attack.blacklisted_response = lambda do |env|
|
|
168
|
+
# Using 503 because it may make attacker think that they have successfully
|
|
169
|
+
# DOSed the site. Rack::Attack returns 401 for blacklists by default
|
|
168
170
|
[ 503, {}, ['Blocked']]
|
|
169
171
|
end
|
|
170
172
|
|
|
@@ -176,6 +178,8 @@ Customize the response of blacklisted and throttled requests using an object tha
|
|
|
176
178
|
env['rack.attack.match_data']
|
|
177
179
|
].inspect
|
|
178
180
|
|
|
181
|
+
# Using 503 because it may make attacker think that they have successfully
|
|
182
|
+
# DOSed the site. Rack::Attack returns 429 for throttling by default
|
|
179
183
|
[ 503, {}, [body]]
|
|
180
184
|
end
|
|
181
185
|
```
|
data/lib/rack/attack.rb
CHANGED
|
@@ -39,10 +39,10 @@ module Rack::Attack
|
|
|
39
39
|
|
|
40
40
|
# Set defaults
|
|
41
41
|
@notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
|
42
|
-
@blacklisted_response ||= lambda {|env| [
|
|
42
|
+
@blacklisted_response ||= lambda {|env| [401, {}, ["Unauthorized\n"]] }
|
|
43
43
|
@throttled_response ||= lambda {|env|
|
|
44
44
|
retry_after = env['rack.attack.match_data'][:period] rescue nil
|
|
45
|
-
[
|
|
45
|
+
[429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
|
|
46
46
|
}
|
|
47
47
|
|
|
48
48
|
self
|
data/lib/rack/attack/version.rb
CHANGED
data/spec/fail2ban_spec.rb
CHANGED
|
@@ -24,7 +24,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
24
24
|
describe 'when not at maxretry' do
|
|
25
25
|
before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
|
|
26
26
|
it 'fails' do
|
|
27
|
-
last_response.status.must_equal
|
|
27
|
+
last_response.status.must_equal 401
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it 'increases fail count' do
|
|
@@ -46,7 +46,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it 'fails' do
|
|
49
|
-
last_response.status.must_equal
|
|
49
|
+
last_response.status.must_equal 401
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
it 'increases fail count' do
|
|
@@ -83,7 +83,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
it 'fails' do
|
|
86
|
-
last_response.status.must_equal
|
|
86
|
+
last_response.status.must_equal 401
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
it 'does not increase fail count' do
|
|
@@ -103,7 +103,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
it 'fails' do
|
|
106
|
-
last_response.status.must_equal
|
|
106
|
+
last_response.status.must_equal 401
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
it 'does not increase fail count' do
|
data/spec/rack_attack_spec.rb
CHANGED
|
@@ -15,7 +15,7 @@ describe 'Rack::Attack' do
|
|
|
15
15
|
before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
|
|
16
16
|
it "should return a blacklist response" do
|
|
17
17
|
get '/', {}, 'REMOTE_ADDR' => @bad_ip
|
|
18
|
-
last_response.status.must_equal
|
|
18
|
+
last_response.status.must_equal 401
|
|
19
19
|
end
|
|
20
20
|
it "should tag the env" do
|
|
21
21
|
last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
|
|
@@ -26,7 +26,7 @@ describe 'Rack::Attack.throttle' do
|
|
|
26
26
|
2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
|
|
27
27
|
end
|
|
28
28
|
it 'should block the last request' do
|
|
29
|
-
last_response.status.must_equal
|
|
29
|
+
last_response.status.must_equal 429
|
|
30
30
|
end
|
|
31
31
|
it 'should tag the env' do
|
|
32
32
|
last_request.env['rack.attack.matched'].must_equal 'ip/sec'
|
metadata
CHANGED
|
@@ -1,127 +1,104 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.1
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Aaron Suggs
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date: 2013-
|
|
12
|
+
date: 2013-08-13 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: rack
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirement: &1 !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
16
18
|
requirements:
|
|
17
19
|
- - '>='
|
|
18
20
|
- !ruby/object:Gem::Version
|
|
19
21
|
version: '0'
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
|
-
version_requirements:
|
|
23
|
-
requirements:
|
|
24
|
-
- - '>='
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
24
|
+
version_requirements: *1
|
|
27
25
|
- !ruby/object:Gem::Dependency
|
|
28
26
|
name: minitest
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
27
|
+
requirement: &2 !ruby/object:Gem::Requirement
|
|
28
|
+
none: false
|
|
30
29
|
requirements:
|
|
31
30
|
- - '>='
|
|
32
31
|
- !ruby/object:Gem::Version
|
|
33
32
|
version: '0'
|
|
34
33
|
type: :development
|
|
35
34
|
prerelease: false
|
|
36
|
-
version_requirements:
|
|
37
|
-
requirements:
|
|
38
|
-
- - '>='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
35
|
+
version_requirements: *2
|
|
41
36
|
- !ruby/object:Gem::Dependency
|
|
42
37
|
name: rack-test
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
38
|
+
requirement: &3 !ruby/object:Gem::Requirement
|
|
39
|
+
none: false
|
|
44
40
|
requirements:
|
|
45
41
|
- - '>='
|
|
46
42
|
- !ruby/object:Gem::Version
|
|
47
43
|
version: '0'
|
|
48
44
|
type: :development
|
|
49
45
|
prerelease: false
|
|
50
|
-
version_requirements:
|
|
51
|
-
requirements:
|
|
52
|
-
- - '>='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
46
|
+
version_requirements: *3
|
|
55
47
|
- !ruby/object:Gem::Dependency
|
|
56
48
|
name: rake
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
requirement: &4 !ruby/object:Gem::Requirement
|
|
50
|
+
none: false
|
|
58
51
|
requirements:
|
|
59
52
|
- - '>='
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
61
54
|
version: '0'
|
|
62
55
|
type: :development
|
|
63
56
|
prerelease: false
|
|
64
|
-
version_requirements:
|
|
65
|
-
requirements:
|
|
66
|
-
- - '>='
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: '0'
|
|
57
|
+
version_requirements: *4
|
|
69
58
|
- !ruby/object:Gem::Dependency
|
|
70
59
|
name: activesupport
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
60
|
+
requirement: &5 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
72
62
|
requirements:
|
|
73
63
|
- - '>='
|
|
74
64
|
- !ruby/object:Gem::Version
|
|
75
65
|
version: 3.0.0
|
|
76
66
|
type: :development
|
|
77
67
|
prerelease: false
|
|
78
|
-
version_requirements:
|
|
79
|
-
requirements:
|
|
80
|
-
- - '>='
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: 3.0.0
|
|
68
|
+
version_requirements: *5
|
|
83
69
|
- !ruby/object:Gem::Dependency
|
|
84
70
|
name: debugger
|
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirement: &6 !ruby/object:Gem::Requirement
|
|
72
|
+
none: false
|
|
86
73
|
requirements:
|
|
87
74
|
- - ~>
|
|
88
75
|
- !ruby/object:Gem::Version
|
|
89
76
|
version: '1.5'
|
|
90
77
|
type: :development
|
|
91
78
|
prerelease: false
|
|
92
|
-
version_requirements:
|
|
93
|
-
requirements:
|
|
94
|
-
- - ~>
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: '1.5'
|
|
79
|
+
version_requirements: *6
|
|
97
80
|
- !ruby/object:Gem::Dependency
|
|
98
81
|
name: redis-activesupport
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
82
|
+
requirement: &7 !ruby/object:Gem::Requirement
|
|
83
|
+
none: false
|
|
100
84
|
requirements:
|
|
101
85
|
- - '>='
|
|
102
86
|
- !ruby/object:Gem::Version
|
|
103
87
|
version: '0'
|
|
104
88
|
type: :development
|
|
105
89
|
prerelease: false
|
|
106
|
-
version_requirements:
|
|
107
|
-
requirements:
|
|
108
|
-
- - '>='
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
90
|
+
version_requirements: *7
|
|
111
91
|
- !ruby/object:Gem::Dependency
|
|
112
92
|
name: dalli
|
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
|
93
|
+
requirement: &8 !ruby/object:Gem::Requirement
|
|
94
|
+
none: false
|
|
114
95
|
requirements:
|
|
115
96
|
- - '>='
|
|
116
97
|
- !ruby/object:Gem::Version
|
|
117
98
|
version: '0'
|
|
118
99
|
type: :development
|
|
119
100
|
prerelease: false
|
|
120
|
-
version_requirements:
|
|
121
|
-
requirements:
|
|
122
|
-
- - '>='
|
|
123
|
-
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
101
|
+
version_requirements: *8
|
|
125
102
|
description: A rack middleware for throttling and blocking abusive requests
|
|
126
103
|
email: aaron@ktheory.com
|
|
127
104
|
executables: []
|
|
@@ -147,28 +124,30 @@ files:
|
|
|
147
124
|
- spec/rack_attack_track_spec.rb
|
|
148
125
|
- spec/spec_helper.rb
|
|
149
126
|
homepage: http://github.com/kickstarter/rack-attack
|
|
150
|
-
licenses:
|
|
151
|
-
|
|
127
|
+
licenses:
|
|
128
|
+
- MIT
|
|
152
129
|
post_install_message:
|
|
153
130
|
rdoc_options:
|
|
154
131
|
- --charset=UTF-8
|
|
155
132
|
require_paths:
|
|
156
133
|
- lib
|
|
157
134
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
135
|
+
none: false
|
|
158
136
|
requirements:
|
|
159
137
|
- - '>='
|
|
160
138
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 1.9.
|
|
139
|
+
version: 1.9.2
|
|
162
140
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
|
+
none: false
|
|
163
142
|
requirements:
|
|
164
143
|
- - '>='
|
|
165
144
|
- !ruby/object:Gem::Version
|
|
166
145
|
version: '0'
|
|
167
146
|
requirements: []
|
|
168
147
|
rubyforge_project:
|
|
169
|
-
rubygems_version:
|
|
148
|
+
rubygems_version: 1.8.3
|
|
170
149
|
signing_key:
|
|
171
|
-
specification_version:
|
|
150
|
+
specification_version: 3
|
|
172
151
|
summary: Block & throttle abusive requests
|
|
173
152
|
test_files:
|
|
174
153
|
- spec/fail2ban_spec.rb
|
checksums.yaml
DELETED
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
SHA1:
|
|
3
|
-
metadata.gz: 30436667301e528e76d76b7454ad73ca9dd08a08
|
|
4
|
-
data.tar.gz: 72e275cb98d8e38b478c4db4d7fa5bdb4759c7ab
|
|
5
|
-
SHA512:
|
|
6
|
-
metadata.gz: d2a8d0690b58f15a6f512077408fa40cec5c7e23b39ebc470a53a753273f1497e3605930106d2c16dd41a8b3edef39a3e9b66b0fd4778b871c5ab0017e2bd4ac
|
|
7
|
-
data.tar.gz: 2a097e071cafcdb11cf36d4150c459723877a852b7920fdf3ed5fa74cedf1ea3d19b25357d0bd31c3b47c48d3a938575e877aade034e8fc7f5eba882101385b5
|