rack-attack 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +5 -1
- data/lib/rack/attack.rb +2 -2
- data/lib/rack/attack/version.rb +1 -1
- data/spec/fail2ban_spec.rb +4 -4
- data/spec/rack_attack_spec.rb +1 -1
- data/spec/rack_attack_throttle_spec.rb +1 -1
- metadata +34 -55
- checksums.yaml +0 -7
data/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
Rack::Attack is a rack middleware to protect your web app from bad clients.
|
|
5
5
|
It allows *whitelisting*, *blacklisting*, *throttling*, and *tracking* based on arbitrary properties of the request.
|
|
6
6
|
|
|
7
|
-
Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis.
|
|
7
|
+
Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis (at least v3.0.0).
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
@@ -165,6 +165,8 @@ Customize the response of blacklisted and throttled requests using an object tha
|
|
|
165
165
|
|
|
166
166
|
```ruby
|
|
167
167
|
Rack::Attack.blacklisted_response = lambda do |env|
|
|
168
|
+
# Using 503 because it may make attacker think that they have successfully
|
|
169
|
+
# DOSed the site. Rack::Attack returns 401 for blacklists by default
|
|
168
170
|
[ 503, {}, ['Blocked']]
|
|
169
171
|
end
|
|
170
172
|
|
|
@@ -176,6 +178,8 @@ Customize the response of blacklisted and throttled requests using an object tha
|
|
|
176
178
|
env['rack.attack.match_data']
|
|
177
179
|
].inspect
|
|
178
180
|
|
|
181
|
+
# Using 503 because it may make attacker think that they have successfully
|
|
182
|
+
# DOSed the site. Rack::Attack returns 429 for throttling by default
|
|
179
183
|
[ 503, {}, [body]]
|
|
180
184
|
end
|
|
181
185
|
```
|
data/lib/rack/attack.rb
CHANGED
|
@@ -39,10 +39,10 @@ module Rack::Attack
|
|
|
39
39
|
|
|
40
40
|
# Set defaults
|
|
41
41
|
@notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
|
42
|
-
@blacklisted_response ||= lambda {|env| [
|
|
42
|
+
@blacklisted_response ||= lambda {|env| [401, {}, ["Unauthorized\n"]] }
|
|
43
43
|
@throttled_response ||= lambda {|env|
|
|
44
44
|
retry_after = env['rack.attack.match_data'][:period] rescue nil
|
|
45
|
-
[
|
|
45
|
+
[429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
|
|
46
46
|
}
|
|
47
47
|
|
|
48
48
|
self
|
data/lib/rack/attack/version.rb
CHANGED
data/spec/fail2ban_spec.rb
CHANGED
|
@@ -24,7 +24,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
24
24
|
describe 'when not at maxretry' do
|
|
25
25
|
before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
|
|
26
26
|
it 'fails' do
|
|
27
|
-
last_response.status.must_equal
|
|
27
|
+
last_response.status.must_equal 401
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it 'increases fail count' do
|
|
@@ -46,7 +46,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it 'fails' do
|
|
49
|
-
last_response.status.must_equal
|
|
49
|
+
last_response.status.must_equal 401
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
it 'increases fail count' do
|
|
@@ -83,7 +83,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
it 'fails' do
|
|
86
|
-
last_response.status.must_equal
|
|
86
|
+
last_response.status.must_equal 401
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
it 'does not increase fail count' do
|
|
@@ -103,7 +103,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
it 'fails' do
|
|
106
|
-
last_response.status.must_equal
|
|
106
|
+
last_response.status.must_equal 401
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
it 'does not increase fail count' do
|
data/spec/rack_attack_spec.rb
CHANGED
|
@@ -15,7 +15,7 @@ describe 'Rack::Attack' do
|
|
|
15
15
|
before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
|
|
16
16
|
it "should return a blacklist response" do
|
|
17
17
|
get '/', {}, 'REMOTE_ADDR' => @bad_ip
|
|
18
|
-
last_response.status.must_equal
|
|
18
|
+
last_response.status.must_equal 401
|
|
19
19
|
end
|
|
20
20
|
it "should tag the env" do
|
|
21
21
|
last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
|
|
@@ -26,7 +26,7 @@ describe 'Rack::Attack.throttle' do
|
|
|
26
26
|
2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
|
|
27
27
|
end
|
|
28
28
|
it 'should block the last request' do
|
|
29
|
-
last_response.status.must_equal
|
|
29
|
+
last_response.status.must_equal 429
|
|
30
30
|
end
|
|
31
31
|
it 'should tag the env' do
|
|
32
32
|
last_request.env['rack.attack.matched'].must_equal 'ip/sec'
|
metadata
CHANGED
|
@@ -1,127 +1,104 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.1
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Aaron Suggs
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date: 2013-
|
|
12
|
+
date: 2013-08-13 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: rack
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirement: &1 !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
16
18
|
requirements:
|
|
17
19
|
- - '>='
|
|
18
20
|
- !ruby/object:Gem::Version
|
|
19
21
|
version: '0'
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
|
-
version_requirements:
|
|
23
|
-
requirements:
|
|
24
|
-
- - '>='
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
24
|
+
version_requirements: *1
|
|
27
25
|
- !ruby/object:Gem::Dependency
|
|
28
26
|
name: minitest
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
27
|
+
requirement: &2 !ruby/object:Gem::Requirement
|
|
28
|
+
none: false
|
|
30
29
|
requirements:
|
|
31
30
|
- - '>='
|
|
32
31
|
- !ruby/object:Gem::Version
|
|
33
32
|
version: '0'
|
|
34
33
|
type: :development
|
|
35
34
|
prerelease: false
|
|
36
|
-
version_requirements:
|
|
37
|
-
requirements:
|
|
38
|
-
- - '>='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
35
|
+
version_requirements: *2
|
|
41
36
|
- !ruby/object:Gem::Dependency
|
|
42
37
|
name: rack-test
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
38
|
+
requirement: &3 !ruby/object:Gem::Requirement
|
|
39
|
+
none: false
|
|
44
40
|
requirements:
|
|
45
41
|
- - '>='
|
|
46
42
|
- !ruby/object:Gem::Version
|
|
47
43
|
version: '0'
|
|
48
44
|
type: :development
|
|
49
45
|
prerelease: false
|
|
50
|
-
version_requirements:
|
|
51
|
-
requirements:
|
|
52
|
-
- - '>='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
46
|
+
version_requirements: *3
|
|
55
47
|
- !ruby/object:Gem::Dependency
|
|
56
48
|
name: rake
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
requirement: &4 !ruby/object:Gem::Requirement
|
|
50
|
+
none: false
|
|
58
51
|
requirements:
|
|
59
52
|
- - '>='
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
61
54
|
version: '0'
|
|
62
55
|
type: :development
|
|
63
56
|
prerelease: false
|
|
64
|
-
version_requirements:
|
|
65
|
-
requirements:
|
|
66
|
-
- - '>='
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: '0'
|
|
57
|
+
version_requirements: *4
|
|
69
58
|
- !ruby/object:Gem::Dependency
|
|
70
59
|
name: activesupport
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
60
|
+
requirement: &5 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
72
62
|
requirements:
|
|
73
63
|
- - '>='
|
|
74
64
|
- !ruby/object:Gem::Version
|
|
75
65
|
version: 3.0.0
|
|
76
66
|
type: :development
|
|
77
67
|
prerelease: false
|
|
78
|
-
version_requirements:
|
|
79
|
-
requirements:
|
|
80
|
-
- - '>='
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: 3.0.0
|
|
68
|
+
version_requirements: *5
|
|
83
69
|
- !ruby/object:Gem::Dependency
|
|
84
70
|
name: debugger
|
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirement: &6 !ruby/object:Gem::Requirement
|
|
72
|
+
none: false
|
|
86
73
|
requirements:
|
|
87
74
|
- - ~>
|
|
88
75
|
- !ruby/object:Gem::Version
|
|
89
76
|
version: '1.5'
|
|
90
77
|
type: :development
|
|
91
78
|
prerelease: false
|
|
92
|
-
version_requirements:
|
|
93
|
-
requirements:
|
|
94
|
-
- - ~>
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: '1.5'
|
|
79
|
+
version_requirements: *6
|
|
97
80
|
- !ruby/object:Gem::Dependency
|
|
98
81
|
name: redis-activesupport
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
82
|
+
requirement: &7 !ruby/object:Gem::Requirement
|
|
83
|
+
none: false
|
|
100
84
|
requirements:
|
|
101
85
|
- - '>='
|
|
102
86
|
- !ruby/object:Gem::Version
|
|
103
87
|
version: '0'
|
|
104
88
|
type: :development
|
|
105
89
|
prerelease: false
|
|
106
|
-
version_requirements:
|
|
107
|
-
requirements:
|
|
108
|
-
- - '>='
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
90
|
+
version_requirements: *7
|
|
111
91
|
- !ruby/object:Gem::Dependency
|
|
112
92
|
name: dalli
|
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
|
93
|
+
requirement: &8 !ruby/object:Gem::Requirement
|
|
94
|
+
none: false
|
|
114
95
|
requirements:
|
|
115
96
|
- - '>='
|
|
116
97
|
- !ruby/object:Gem::Version
|
|
117
98
|
version: '0'
|
|
118
99
|
type: :development
|
|
119
100
|
prerelease: false
|
|
120
|
-
version_requirements:
|
|
121
|
-
requirements:
|
|
122
|
-
- - '>='
|
|
123
|
-
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
101
|
+
version_requirements: *8
|
|
125
102
|
description: A rack middleware for throttling and blocking abusive requests
|
|
126
103
|
email: aaron@ktheory.com
|
|
127
104
|
executables: []
|
|
@@ -147,28 +124,30 @@ files:
|
|
|
147
124
|
- spec/rack_attack_track_spec.rb
|
|
148
125
|
- spec/spec_helper.rb
|
|
149
126
|
homepage: http://github.com/kickstarter/rack-attack
|
|
150
|
-
licenses:
|
|
151
|
-
|
|
127
|
+
licenses:
|
|
128
|
+
- MIT
|
|
152
129
|
post_install_message:
|
|
153
130
|
rdoc_options:
|
|
154
131
|
- --charset=UTF-8
|
|
155
132
|
require_paths:
|
|
156
133
|
- lib
|
|
157
134
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
135
|
+
none: false
|
|
158
136
|
requirements:
|
|
159
137
|
- - '>='
|
|
160
138
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 1.9.
|
|
139
|
+
version: 1.9.2
|
|
162
140
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
|
+
none: false
|
|
163
142
|
requirements:
|
|
164
143
|
- - '>='
|
|
165
144
|
- !ruby/object:Gem::Version
|
|
166
145
|
version: '0'
|
|
167
146
|
requirements: []
|
|
168
147
|
rubyforge_project:
|
|
169
|
-
rubygems_version:
|
|
148
|
+
rubygems_version: 1.8.3
|
|
170
149
|
signing_key:
|
|
171
|
-
specification_version:
|
|
150
|
+
specification_version: 3
|
|
172
151
|
summary: Block & throttle abusive requests
|
|
173
152
|
test_files:
|
|
174
153
|
- spec/fail2ban_spec.rb
|
checksums.yaml
DELETED
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
SHA1:
|
|
3
|
-
metadata.gz: 30436667301e528e76d76b7454ad73ca9dd08a08
|
|
4
|
-
data.tar.gz: 72e275cb98d8e38b478c4db4d7fa5bdb4759c7ab
|
|
5
|
-
SHA512:
|
|
6
|
-
metadata.gz: d2a8d0690b58f15a6f512077408fa40cec5c7e23b39ebc470a53a753273f1497e3605930106d2c16dd41a8b3edef39a3e9b66b0fd4778b871c5ab0017e2bd4ac
|
|
7
|
-
data.tar.gz: 2a097e071cafcdb11cf36d4150c459723877a852b7920fdf3ed5fa74cedf1ea3d19b25357d0bd31c3b47c48d3a938575e877aade034e8fc7f5eba882101385b5
|