rack-attack 6.7.0 → 6.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ea46a4cc03f800f7d841d6e2fafb387f47514ba4eb9e89c2a0f84bbeeaa6fea
-  data.tar.gz: 355b0da550c98fd1c79c9aaef19bb2f651bdf941cf0f7feaec1e75c50a3d56f1
+  metadata.gz: cca196b4f54fee6e576f7afd081dcc0311c25f2a9705a498bf5c319ec27a0d79
+  data.tar.gz: c758c6d6c9a10eac5ae1b20b1d501c3f9ded73d1c2dd77777a57a1727addf0fa
 SHA512:
-  metadata.gz: 8b9965c215ce6fced981d2863496b8060282fd35b9134d867772adc848612c97cd37227d1a16bf20def74bd88d96c07744bd23ac4344e3cb173065c7ad3f47b4
-  data.tar.gz: 9f4cc8f537454a521a154f1dfa8c102831f901c89c485b769156c91107a193391f7cddeab9f0fbdf195ca49da24bb16478a7c090cc2b23c69ff20aa9d666f5fa
+  metadata.gz: 4f8a0c70cb9744d842786b4960d9ec82f971c54a2fa4c036c44919be5695310cb192f22fa5910edd187f1655e537e894f092db0b16bda41744ecac2cde9e1bb3
+  data.tar.gz: 6e999c3c981c90130aac0bffddd69feb09ff480cd1b791dea33f580080a2cf7ffc4e4949c93ec2e4dfe61dd1cdd957291e7893c0ca2b879b2092ac6984a45169

data/README.md

@@ -11,7 +11,6 @@ See the [Backing & Hacking blog post](https://www.kickstarter.com/backing-and-ha
 
 [![Gem Version](https://badge.fury.io/rb/rack-attack.svg)](https://badge.fury.io/rb/rack-attack)
 [![build](https://github.com/rack/rack-attack/actions/workflows/build.yml/badge.svg)](https://github.com/rack/rack-attack/actions/workflows/build.yml)
-[![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.svg)](https://codeclimate.com/github/kickstarter/rack-attack)
 [![Join the chat at https://gitter.im/rack-attack/rack-attack](https://badges.gitter.im/rack-attack/rack-attack.svg)](https://gitter.im/rack-attack/rack-attack)
 
 ## Table of contents
@@ -56,7 +55,7 @@ Add this line to your application's Gemfile:
 ```ruby
 # In your Gemfile
 
-gem 'rack-attack'
+gem "rack-attack", "~> 6.8"
 ```
 
 And then execute:
@@ -291,7 +290,7 @@ Rack::Attack.track("special_agent", limit: 6, period: 60) do |req|
 end
 
 # Track it using ActiveSupport::Notification
-ActiveSupport::Notifications.subscribe("track.rack_attack") do |name, start, finish, request_id, payload|
+ActiveSupport::Notifications.subscribe("track.rack_attack") do |name, start, finish, instrumenter_id, payload|
   req = payload[:request]
   if req.env['rack.attack.matched'] == "special_agent"
     Rails.logger.info "special_agent: #{req.path}"
@@ -302,7 +301,7 @@ end
 
 ### Cache store configuration
 
-Throttle, allow2ban and fail2ban state is stored in a configurable cache (which defaults to `Rails.cache` if present), presumably backed by memcached or redis ([at least gem v3.0.0](https://rubygems.org/gems/redis)).
+Throttle, track, allow2ban and fail2ban state is stored in a configurable cache (which defaults to `Rails.cache` if present), presumably backed by memcached or redis ([at least gem v3.0.0](https://rubygems.org/gems/redis)).
 
 ```ruby
 # This is the default
@@ -383,7 +382,7 @@ To get notified about specific type of events, subscribe to the event name follo
 E.g. for throttles use:
 
 ```ruby
-ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |name, start, finish, request_id, payload|
+ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |name, start, finish, instrumenter_id, payload|
   # request object available in payload[:request]
 
   # Your code here
@@ -393,7 +392,7 @@ end
 If you want to subscribe to every `rack_attack` event, use:
 
 ```ruby
-ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, request_id, payload|
+ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, instrumenter_id, payload|
   # request object available in payload[:request]
 
   # Your code here

data/lib/rack/attack/base_proxy.rb

@@ -11,6 +11,7 @@ module Rack
         end
 
         def inherited(klass)
+          super
           proxies << klass
         end
 

data/lib/rack/attack/cache.rb

@@ -55,7 +55,7 @@ module Rack
 
       def reset!
         if store.respond_to?(:delete_matched)
-          store.delete_matched("#{prefix}*")
+          store.delete_matched(/#{prefix}*/)
         else
           raise(
             Rack::Attack::IncompatibleStoreError,

data/lib/rack/attack/configuration.rb

@@ -19,7 +19,7 @@ module Rack
         end
       end
 
-      attr_reader :safelists, :blocklists, :throttles, :anonymous_blocklists, :anonymous_safelists
+      attr_reader :safelists, :blocklists, :throttles, :tracks, :anonymous_blocklists, :anonymous_safelists
       attr_accessor :blocklisted_responder, :throttled_responder, :throttled_response_retry_after_header
 
       attr_reader :blocklisted_response, :throttled_response # Keeping these for backwards compatibility
@@ -61,11 +61,15 @@ module Rack
       end
 
       def blocklist_ip(ip_address)
-        @anonymous_blocklists << Blocklist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
+        @anonymous_blocklists << Blocklist.new do |request|
+          request.ip && !request.ip.empty? && IPAddr.new(ip_address).include?(IPAddr.new(request.ip))
+        end
       end
 
       def safelist_ip(ip_address)
-        @anonymous_safelists << Safelist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
+        @anonymous_safelists << Safelist.new do |request|
+          request.ip && !request.ip.empty? && IPAddr.new(ip_address).include?(IPAddr.new(request.ip))
+        end
       end
 
       def throttle(name, options, &block)

data/lib/rack/attack/store_proxy/redis_cache_store_proxy.rb

@@ -10,17 +10,19 @@ module Rack
           store.class.name == "ActiveSupport::Cache::RedisCacheStore"
         end
 
-        def increment(name, amount = 1, **options)
-          # RedisCacheStore#increment ignores options[:expires_in].
-          #
-          # So in order to workaround this we use RedisCacheStore#write (which sets expiration) to initialize
-          # the counter. After that we continue using the original RedisCacheStore#increment.
-          if options[:expires_in] && !read(name)
-            write(name, amount, options)
+        if defined?(::ActiveSupport) && ::ActiveSupport::VERSION::MAJOR < 6
+          def increment(name, amount = 1, **options)
+            # RedisCacheStore#increment ignores options[:expires_in] in versions prior to 6.
+            #
+            # So in order to workaround this we use RedisCacheStore#write (which sets expiration) to initialize
+            # the counter. After that we continue using the original RedisCacheStore#increment.
+            if options[:expires_in] && !read(name)
+              write(name, amount, options)
 
-            amount
-          else
-            super
+              amount
+            else
+              super
+            end
           end
         end
 
@@ -31,6 +33,10 @@ module Rack
         def write(name, value, options = {})
           super(name, value, options.merge!(raw: true))
         end
+
+        def delete_matched(matcher, options = nil)
+          super(matcher.source, options)
+        end
       end
     end
   end

data/lib/rack/attack/store_proxy/redis_proxy.rb

@@ -45,11 +45,12 @@ module Rack
 
         def delete_matched(matcher, _options = nil)
           cursor = "0"
+          source = matcher.source
 
           rescuing do
             # Fetch keys in batches using SCAN to avoid blocking the Redis server.
             loop do
-              cursor, keys = scan(cursor, match: matcher, count: 1000)
+              cursor, keys = scan(cursor, match: source, count: 1000)
               del(*keys) unless keys.empty?
               break if cursor == "0"
             end

data/lib/rack/attack/throttle.rb

@@ -38,8 +38,9 @@ module Rack
           epoch_time: cache.last_epoch_time
         }
 
+        annotate_request_with_throttle_data(request, data)
+
         (count > current_limit).tap do |throttled|
-          annotate_request_with_throttle_data(request, data)
           if throttled
             annotate_request_with_matched_data(request, data)
             Rack::Attack.instrument(request)

data/lib/rack/attack/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   class Attack
-    VERSION = '6.7.0'
+    VERSION = '6.8.0'
   end
 end

data/lib/rack/attack.rb

@@ -11,15 +11,17 @@ require 'rack/attack/store_proxy/mem_cache_store_proxy'
 require 'rack/attack/store_proxy/redis_proxy'
 require 'rack/attack/store_proxy/redis_store_proxy'
 require 'rack/attack/store_proxy/redis_cache_store_proxy'
-require 'rack/attack/store_proxy/active_support_redis_store_proxy'
 
 require 'rack/attack/railtie' if defined?(::Rails)
 
 module Rack
   class Attack
     class Error < StandardError; end
+
     class MisconfiguredStoreError < Error; end
+
     class MissingStoreError < Error; end
+
     class IncompatibleStoreError < Error; end
 
     autoload :Check,                'rack/attack/check'

data/spec/acceptance/blocking_ip_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "Blocking an IP" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist_ip("1.2.3.4")
   end
@@ -19,22 +21,25 @@ describe "Blocking an IP" do
     assert_equal 200, last_response.status
   end
 
-  it "notifies when the request is blocked" do
-    notified = false
-    notification_type = nil
+  it "succeeds if IP is missing" do
+    get "/", {}, "REMOTE_ADDR" => ""
+
+    assert_equal 200, last_response.status
+  end
 
+  it "notifies when the request is blocked" do
     ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notified = true
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    refute notified
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert notified
-    assert_equal :blocklist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/blocking_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "#blocklist" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist do |request|
       request.ip == "1.2.3.4"
@@ -22,27 +24,26 @@ describe "#blocklist" do
   end
 
   it "notifies when the request is blocked" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert_nil notification_matched
-    assert_nil notification_type
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_nil notification_matched
-    assert_equal :blocklist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_nil notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
   end
 end
 
 describe "#blocklist with name" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("block 1.2.3.4") do |request|
       request.ip == "1.2.3.4"
@@ -62,22 +63,19 @@ describe "#blocklist with name" do
   end
 
   it "notifies when the request is blocked" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    assert_nil notification_matched
-    assert_nil notification_type
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert_equal "block 1.2.3.4", notification_matched
-    assert_equal :blocklist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "block 1.2.3.4", notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/blocking_subnet_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "Blocking an IP subnet" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist_ip("1.2.3.4/31")
   end
@@ -26,21 +28,18 @@ describe "Blocking an IP subnet" do
   end
 
   it "notifies when the request is blocked" do
-    notified = false
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notified = true
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
 
-    refute notified
+    assert notifications.empty?
 
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
-    assert notified
-    assert_equal :blocklist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/cache_store_config_for_allow2ban_spec.rb

@@ -12,9 +12,11 @@ describe "Cache store config when using allow2ban" do
     end
   end
 
-  it "gives semantic error if no store was configured" do
-    assert_raises(Rack::Attack::MissingStoreError) do
-      get "/scarce-resource"
+  unless defined?(Rails)
+    it "gives semantic error if no store was configured" do
+      assert_raises(Rack::Attack::MissingStoreError) do
+        get "/scarce-resource"
+      end
     end
   end
 

data/spec/acceptance/cache_store_config_for_fail2ban_spec.rb

@@ -12,9 +12,11 @@ describe "Cache store config when using fail2ban" do
     end
   end
 
-  it "gives semantic error if no store was configured" do
-    assert_raises(Rack::Attack::MissingStoreError) do
-      get "/private-place"
+  unless defined?(Rails)
+    it "gives semantic error if no store was configured" do
+      assert_raises(Rack::Attack::MissingStoreError) do
+        get "/private-place"
+      end
     end
   end
 
@@ -79,7 +81,7 @@ describe "Cache store config when using fail2ban" do
   end
 
   it "works with any object that responds to #read, #write and #increment" do
-    FakeStore = Class.new do
+    fake_store_class = Class.new do
       attr_accessor :backend
 
       def initialize
@@ -100,7 +102,7 @@ describe "Cache store config when using fail2ban" do
       end
     end
 
-    Rack::Attack.cache.store = FakeStore.new
+    Rack::Attack.cache.store = fake_store_class.new
 
     get "/"
     assert_equal 200, last_response.status

data/spec/acceptance/cache_store_config_for_throttle_spec.rb

@@ -9,9 +9,11 @@ describe "Cache store config when throttling without Rails" do
     end
   end
 
-  it "gives semantic error if no store was configured" do
-    assert_raises(Rack::Attack::MissingStoreError) do
-      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+  unless defined?(Rails)
+    it "gives semantic error if no store was configured" do
+      assert_raises(Rack::Attack::MissingStoreError) do
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      end
     end
   end
 

data/spec/acceptance/cache_store_config_with_rails_spec.rb

@@ -11,10 +11,12 @@ describe "Cache store config with Rails" do
     end
   end
 
-  it "fails when Rails.cache is not set" do
-    Object.stub_const(:Rails, OpenStruct.new(cache: nil)) do
-      assert_raises(Rack::Attack::MissingStoreError) do
-        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+  unless defined?(Rails)
+    it "fails when Rails.cache is not set" do
+      Object.stub_const(:Rails, OpenStruct.new(cache: nil)) do
+        assert_raises(Rack::Attack::MissingStoreError) do
+          get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+        end
       end
     end
   end

data/spec/acceptance/extending_request_object_spec.rb

@@ -4,10 +4,8 @@ require_relative "../spec_helper"
 
 describe "Extending the request object" do
   before do
-    class Rack::Attack::Request
-      def authorized?
-        env["APIKey"] == "private-secret"
-      end
+    Rack::Attack::Request.define_method :authorized? do
+      env["APIKey"] == "private-secret"
     end
 
     Rack::Attack.blocklist("unauthorized requests") do |request|
@@ -17,9 +15,7 @@ describe "Extending the request object" do
 
   # We don't want the extension to leak to other test cases
   after do
-    class Rack::Attack::Request
-      remove_method :authorized?
-    end
+    Rack::Attack::Request.undef_method :authorized?
   end
 
   it "forbids request if blocklist condition is true" do

data/spec/acceptance/fail2ban_spec.rb

@@ -4,6 +4,8 @@ require_relative "../spec_helper"
 require "timecop"
 
 describe "fail2ban" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
 
@@ -75,4 +77,44 @@ describe "fail2ban" do
       assert_equal 200, last_response.status
     end
   end
+
+  it "notifies when the request is blocked" do
+    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
+      notifications.push(payload)
+    end
+
+    get "/"
+
+    assert_equal 200, last_response.status
+    assert notifications.empty?
+
+    get "/private-place"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+
+    get "/"
+
+    assert_equal 200, last_response.status
+    assert notifications.empty?
+
+    get "/private-place"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+
+    get "/"
+
+    assert_equal 403, last_response.status
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal 'fail2ban pentesters', notification[:request].env["rack.attack.matched"]
+    assert_equal :blocklist, notification[:request].env["rack.attack.match_type"]
+  end
 end

data/spec/acceptance/safelisting_ip_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "Safelist an IP" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("admin") do |request|
       request.path == "/admin"
@@ -17,6 +19,12 @@ describe "Safelist an IP" do
     assert_equal 403, last_response.status
   end
 
+  it "forbids request if blocklist condition is true and safelist is false (missing IP)" do
+    get "/admin", {}, "REMOTE_ADDR" => ""
+
+    assert_equal 403, last_response.status
+  end
+
   it "succeeds if blocklist condition is false and safelist is false" do
     get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
 
@@ -36,15 +44,15 @@ describe "Safelist an IP" do
   end
 
   it "notifies when the request is safe" do
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/admin", {}, "REMOTE_ADDR" => "5.6.7.8"
 
     assert_equal 200, last_response.status
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/safelisting_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "#safelist" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist do |request|
       request.ip == "1.2.3.4"
@@ -38,23 +40,23 @@ describe "#safelist" do
   end
 
   it "notifies when the request is safe" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 200, last_response.status
-    assert_nil notification_matched
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_nil notification[:request].env["rack.attack.matched"]
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end
 
 describe "#safelist with name" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("block 1.2.3.4") do |request|
       request.ip == "1.2.3.4"
@@ -90,18 +92,16 @@ describe "#safelist with name" do
   end
 
   it "notifies when the request is safe" do
-    notification_matched = nil
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_matched = payload[:request].env["rack.attack.matched"]
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
 
     assert_equal 200, last_response.status
-    assert_equal "safe path", notification_matched
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal "safe path", notification[:request].env["rack.attack.matched"]
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end

data/spec/acceptance/safelisting_subnet_spec.rb

@@ -3,6 +3,8 @@
 require_relative "../spec_helper"
 
 describe "Safelisting an IP subnet" do
+  let(:notifications) { [] }
+
   before do
     Rack::Attack.blocklist("admin") do |request|
       request.path == "/admin"
@@ -36,15 +38,15 @@ describe "Safelisting an IP subnet" do
   end
 
   it "notifies when the request is safe" do
-    notification_type = nil
-
     ActiveSupport::Notifications.subscribe("safelist.rack_attack") do |_name, _start, _finish, _id, payload|
-      notification_type = payload[:request].env["rack.attack.match_type"]
+      notifications.push(payload)
     end
 
     get "/admin", {}, "REMOTE_ADDR" => "5.6.0.0"
 
     assert_equal 200, last_response.status
-    assert_equal :safelist, notification_type
+    assert_equal 1, notifications.size
+    notification = notifications.pop
+    assert_equal :safelist, notification[:request].env["rack.attack.match_type"]
   end
 end