rack-attack 1.3.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- data/README.md +7 -10
- data/lib/rack/attack/cache.rb +5 -3
- data/lib/rack/attack/version.rb +1 -1
- metadata +3 -3
data/README.md
CHANGED
|
@@ -83,7 +83,11 @@ Note that `req` is a [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/
|
|
|
83
83
|
|
|
84
84
|
## Responses
|
|
85
85
|
|
|
86
|
-
Customize the response of throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
|
|
86
|
+
Customize the response of blacklisted and throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
|
|
87
|
+
|
|
88
|
+
Rack:Attack.blacklisted_response = lambda do |env|
|
|
89
|
+
[ 503, {}, ['Blocked']]
|
|
90
|
+
end
|
|
87
91
|
|
|
88
92
|
Rack:Attack.throttled_response = lambda do |env|
|
|
89
93
|
# name and other data about the matched throttle
|
|
@@ -96,16 +100,9 @@ Customize the response of throttled requests using an object that adheres to the
|
|
|
96
100
|
[ 503, {}, [body]]
|
|
97
101
|
end
|
|
98
102
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
Rack:Attack.blacklisted_response = lambda do |env|
|
|
102
|
-
[ 503, {}, ['Blocked']]
|
|
103
|
-
end
|
|
104
|
-
|
|
105
|
-
For responses that did not exceed a throttle limit, Rack::Attack annotates the environment with match data.
|
|
106
|
-
For example, in out `reqs/ip` throttle above, a matching request would have:
|
|
103
|
+
For responses that did not exceed a throttle limit, Rack::Attack annotates the env with match data:
|
|
107
104
|
|
|
108
|
-
request.env['rack.attack.throttle_data'][
|
|
105
|
+
request.env['rack.attack.throttle_data'][name] # => { :count => n, :period => p, :limit => l }
|
|
109
106
|
|
|
110
107
|
## Logging & Instrumentation
|
|
111
108
|
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -9,11 +9,13 @@ module Rack
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def count(unprefixed_key, period)
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
epoch_time = Time.now.to_i
|
|
13
|
+
expires_in = period - (epoch_time % period)
|
|
14
|
+
key = "#{prefix}:#{epoch_time/period}:#{unprefixed_key}"
|
|
15
|
+
result = store.increment(key, 1, :expires_in => expires_in)
|
|
14
16
|
# NB: Some stores return nil when incrementing uninitialized values
|
|
15
17
|
if result.nil?
|
|
16
|
-
store.write(key, 1)
|
|
18
|
+
store.write(key, 1, :expires_in => expires_in)
|
|
17
19
|
end
|
|
18
20
|
result || 1
|
|
19
21
|
end
|
data/lib/rack/attack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-08-
|
|
12
|
+
date: 2012-08-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
145
145
|
version: '0'
|
|
146
146
|
requirements: []
|
|
147
147
|
rubyforge_project:
|
|
148
|
-
rubygems_version: 1.8.
|
|
148
|
+
rubygems_version: 1.8.23
|
|
149
149
|
signing_key:
|
|
150
150
|
specification_version: 3
|
|
151
151
|
summary: Block & throttle abusive requests
|