rack-attack 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +17 -18
- data/lib/rack/attack.rb +5 -2
- data/lib/rack/attack/version.rb +1 -1
- metadata +1 -1
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Rack::Attack!!!
|
|
2
|
-
A DSL for blocking & thottling abusive clients
|
|
2
|
+
*A DSL for blocking & thottling abusive clients*
|
|
3
3
|
|
|
4
4
|
Rack::Attack is a rack middleware to protect your web app from bad clients.
|
|
5
5
|
It allows *whitelisting*, *blacklisting*, and *thottling* based on arbitrary properties of the request.
|
|
@@ -8,9 +8,10 @@ Thottle state is stored in a configurable cache (e.g. `Rails.cache`), presumably
|
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler:
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
# In your Gemfile
|
|
14
|
+
gem 'rack-attack'
|
|
14
15
|
|
|
15
16
|
Tell your app to use the Rack::Attack middleware.
|
|
16
17
|
For Rails 3 apps:
|
|
@@ -18,22 +19,23 @@ For Rails 3 apps:
|
|
|
18
19
|
# In config/application.rb
|
|
19
20
|
config.middleware.use Rack::Attack
|
|
20
21
|
|
|
21
|
-
Or
|
|
22
|
+
Or for Rackup files:
|
|
22
23
|
|
|
24
|
+
# In config.ru
|
|
23
25
|
use Rack::Attack
|
|
24
26
|
|
|
25
27
|
Optionally configure the cache store for throttling:
|
|
26
28
|
|
|
27
|
-
Rack::Attack.cache.store =
|
|
29
|
+
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new # defaults to Rails.cache
|
|
28
30
|
|
|
29
|
-
Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting.
|
|
31
|
+
Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting. Your cache store must implement `increment` and `write` like [ActiveSupport::Cache::Store](http://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html).
|
|
30
32
|
|
|
31
33
|
## How it works
|
|
32
34
|
|
|
33
|
-
The Rack::Attack middleware
|
|
35
|
+
The Rack::Attack middleware compares each request against *whitelists*, *blacklists*, and *throttles* that you define. There are none by default.
|
|
34
36
|
|
|
35
|
-
* If the request matches any whitelist,
|
|
36
|
-
* If the request matches any blacklist,
|
|
37
|
+
* If the request matches any whitelist, it is allowed. Blacklists and throttles are not checked.
|
|
38
|
+
* If the request matches any blacklist, it is blocked. Throttles are not checked.
|
|
37
39
|
* If the request matches any throttle, a counter is incremented in the Rack::Attack.cache. If the throttle limit is exceeded, the request is blocked and further throttles are not checked.
|
|
38
40
|
|
|
39
41
|
## Usage
|
|
@@ -83,17 +85,18 @@ Customize the response of throttled requests using an object that adheres to the
|
|
|
83
85
|
|
|
84
86
|
Rack:Attack.throttled_response = lambda do |env|
|
|
85
87
|
# name and other data about the matched throttle
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
88
|
+
body = [
|
|
89
|
+
env['rack.attack.matched'],
|
|
90
|
+
env['rack.attack.match_type'],
|
|
91
|
+
env['rack.attack.match_data']
|
|
92
|
+
].inspect
|
|
89
93
|
|
|
90
|
-
[ 503, {}, [
|
|
94
|
+
[ 503, {}, [body]]
|
|
91
95
|
end
|
|
92
96
|
|
|
93
97
|
Similarly for blacklisted responses:
|
|
94
98
|
|
|
95
99
|
Rack:Attack.blacklisted_response = lambda do |env|
|
|
96
|
-
env['rack.attack.blacklisted'] # name of the matched blacklist
|
|
97
100
|
[ 503, {}, ['Blocked']]
|
|
98
101
|
end
|
|
99
102
|
|
|
@@ -119,10 +122,6 @@ less on short-term, one-off hacks to block a particular attack.
|
|
|
119
122
|
|
|
120
123
|
Rack::Attack complements `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
|
|
121
124
|
|
|
122
|
-
## Thanks
|
|
123
|
-
|
|
124
|
-
Thanks to [Kickstarter](https://github.com/kickstarter) for sponsoring Rack::Attack development
|
|
125
|
-
|
|
126
125
|
[](http://travis-ci.org/ktheory/rack-attack)
|
|
127
126
|
|
|
128
127
|
## License
|
data/lib/rack/attack.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Rack::Attack
|
|
|
7
7
|
|
|
8
8
|
class << self
|
|
9
9
|
|
|
10
|
-
attr_accessor :
|
|
10
|
+
attr_accessor :notifier, :blacklisted_response, :throttled_response
|
|
11
11
|
|
|
12
12
|
def whitelist(name, &block)
|
|
13
13
|
self.whitelists[name] = Whitelist.new(name, block)
|
|
@@ -29,7 +29,6 @@ module Rack::Attack
|
|
|
29
29
|
@app = app
|
|
30
30
|
|
|
31
31
|
# Set defaults
|
|
32
|
-
@cache ||= Cache.new
|
|
33
32
|
@notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
|
34
33
|
@blacklisted_response ||= lambda {|env| [503, {}, ['Blocked']] }
|
|
35
34
|
@throttled_response ||= lambda {|env|
|
|
@@ -78,6 +77,10 @@ module Rack::Attack
|
|
|
78
77
|
notifier.instrument('rack.attack', req) if notifier
|
|
79
78
|
end
|
|
80
79
|
|
|
80
|
+
def cache
|
|
81
|
+
@cache ||= Cache.new
|
|
82
|
+
end
|
|
83
|
+
|
|
81
84
|
def clear!
|
|
82
85
|
@whitelists, @blacklists, @throttles = {}, {}, {}
|
|
83
86
|
end
|
data/lib/rack/attack/version.rb
CHANGED