rack-attack 2.1.0 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- checksums.yaml +15 -0
- data/README.md +13 -1
- data/lib/rack/attack/cache.rb +1 -2
- data/lib/rack/attack/throttle.rb +3 -2
- data/lib/rack/attack/version.rb +1 -1
- data/spec/spec_helper.rb +6 -2
- metadata +8 -25
checksums.yaml
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
---
|
|
2
|
+
!binary "U0hBMQ==":
|
|
3
|
+
metadata.gz: !binary |-
|
|
4
|
+
ZmExMGQ3ZWEwMTBlMWY1N2ViNjgyMDM0YTI5Njc4ODQzZjU0NmQ3MQ==
|
|
5
|
+
data.tar.gz: !binary |-
|
|
6
|
+
MDJmYTBjNWE4NTAzNzQ0Yjg1MjQ4MWE5ZDE1YzU4OWU4YTkxZDBkMA==
|
|
7
|
+
!binary "U0hBNTEy":
|
|
8
|
+
metadata.gz: !binary |-
|
|
9
|
+
ZDJmYWJjMzhhYTdkZTYxMjM0ZDY2OGQ0ZjA2NzQ2ZGU2YTBiOWY2N2EwYTA2
|
|
10
|
+
MGIzNTBiMjAwMDhhYWE2YzMyZTI0OTk3MGM5MjU4NmQzYTc4YzdmNDYxNzcx
|
|
11
|
+
OTljOTVjNGE4YTQ1ZDQyMzY2MDdiMjUyZGFhNjFjNzc0NDBiZWQ=
|
|
12
|
+
data.tar.gz: !binary |-
|
|
13
|
+
Y2E5NGViNGQxMGFmMTM0ZWM2N2YzYWQ4Yjg4ZTkyMDdkNTY5NGVjOWUwNzEx
|
|
14
|
+
M2ViYWJlZWFiNTcxNGIwODk0Nzk5MDY5YjA5N2Y2MjE5ZjYxYTkzNzcyMWFk
|
|
15
|
+
NjQ4YzVhZGY0N2U2NzE1NjQwODkyYzIzMDFmZDMxYmM0ZmVlM2U=
|
data/README.md
CHANGED
|
@@ -154,6 +154,18 @@ You can subscribe to 'rack.attack' events and log it, graph it, etc:
|
|
|
154
154
|
puts req.inspect
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
+
## Performance
|
|
158
|
+
|
|
159
|
+
The overhead of running Rack::Attack is typically negligible (a few milliseconds per request),
|
|
160
|
+
but it depends on how many checks you've configured, and how long they take.
|
|
161
|
+
Throttles usually require a network roundtrip to your cache server(s),
|
|
162
|
+
so try to keep the number of throttle checks per request low.
|
|
163
|
+
|
|
164
|
+
If a request is blacklisted or throttled, the response is a very simple Rack response.
|
|
165
|
+
A single typical ruby web server thread can block several hundred requests per second.
|
|
166
|
+
|
|
167
|
+
Rack::Attack complements tools like `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
|
|
168
|
+
|
|
157
169
|
## Motivation
|
|
158
170
|
|
|
159
171
|
Abusive clients range from malicious login crackers to naively-written scrapers.
|
|
@@ -164,7 +176,7 @@ It is impractical if not impossible to block abusive clients completely.
|
|
|
164
176
|
Rack::Attack aims to let developers quickly mitigate abusive requests and rely
|
|
165
177
|
less on short-term, one-off hacks to block a particular attack.
|
|
166
178
|
|
|
167
|
-
|
|
179
|
+
See also: the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients) introducing Rack::Attack.
|
|
168
180
|
|
|
169
181
|
[](https://travis-ci.org/kickstarter/rack-attack)
|
|
170
182
|
[](https://codeclimate.com/github/kickstarter/rack-attack)
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -12,13 +12,12 @@ module Rack
|
|
|
12
12
|
attr_reader :store
|
|
13
13
|
def store=(store)
|
|
14
14
|
# RedisStore#increment needs different behavior, so detect that
|
|
15
|
-
# (method has an arity of 2; must call #expire
|
|
15
|
+
# (method has an arity of 2; must call #expire separately
|
|
16
16
|
if defined?(::ActiveSupport::Cache::RedisStore) && store.is_a?(::ActiveSupport::Cache::RedisStore)
|
|
17
17
|
# ActiveSupport::Cache::RedisStore doesn't expose any way to set an expiry,
|
|
18
18
|
# so use the raw Redis::Store instead
|
|
19
19
|
@store = store.instance_variable_get(:@data)
|
|
20
20
|
else
|
|
21
|
-
@redis_store = false
|
|
22
21
|
@store = store
|
|
23
22
|
end
|
|
24
23
|
end
|
data/lib/rack/attack/throttle.rb
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
module Rack
|
|
2
2
|
module Attack
|
|
3
3
|
class Throttle
|
|
4
|
+
MANDATORY_OPTIONS = [:limit, :period]
|
|
4
5
|
attr_reader :name, :limit, :period, :block
|
|
5
6
|
def initialize(name, options, block)
|
|
6
7
|
@name, @block = name, block
|
|
7
|
-
|
|
8
|
+
MANDATORY_OPTIONS.each do |opt|
|
|
8
9
|
raise ArgumentError.new("Must pass #{opt.inspect} option") unless options[opt]
|
|
9
10
|
end
|
|
10
11
|
@limit = options[:limit]
|
|
11
|
-
@period = options[:period]
|
|
12
|
+
@period = options[:period].to_i
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
def cache
|
data/lib/rack/attack/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
|
@@ -4,11 +4,15 @@ require "bundler/setup"
|
|
|
4
4
|
require "minitest/autorun"
|
|
5
5
|
require "minitest/pride"
|
|
6
6
|
require "rack/test"
|
|
7
|
-
require 'debugger'
|
|
8
7
|
require 'active_support'
|
|
9
|
-
|
|
10
8
|
require "rack/attack"
|
|
11
9
|
|
|
10
|
+
begin
|
|
11
|
+
require 'debugger'
|
|
12
|
+
rescue LoadError
|
|
13
|
+
#nothing to do here
|
|
14
|
+
end
|
|
15
|
+
|
|
12
16
|
class Minitest::Spec
|
|
13
17
|
|
|
14
18
|
include Rack::Test::Methods
|
metadata
CHANGED
|
@@ -1,20 +1,18 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 2.1.1
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Aaron Suggs
|
|
9
8
|
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
11
|
+
date: 2013-05-16 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: rack
|
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
-
none: false
|
|
18
16
|
requirements:
|
|
19
17
|
- - ! '>='
|
|
20
18
|
- !ruby/object:Gem::Version
|
|
@@ -22,7 +20,6 @@ dependencies:
|
|
|
22
20
|
type: :runtime
|
|
23
21
|
prerelease: false
|
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
-
none: false
|
|
26
23
|
requirements:
|
|
27
24
|
- - ! '>='
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
@@ -30,7 +27,6 @@ dependencies:
|
|
|
30
27
|
- !ruby/object:Gem::Dependency
|
|
31
28
|
name: minitest
|
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
-
none: false
|
|
34
30
|
requirements:
|
|
35
31
|
- - ! '>='
|
|
36
32
|
- !ruby/object:Gem::Version
|
|
@@ -38,7 +34,6 @@ dependencies:
|
|
|
38
34
|
type: :development
|
|
39
35
|
prerelease: false
|
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
-
none: false
|
|
42
37
|
requirements:
|
|
43
38
|
- - ! '>='
|
|
44
39
|
- !ruby/object:Gem::Version
|
|
@@ -46,7 +41,6 @@ dependencies:
|
|
|
46
41
|
- !ruby/object:Gem::Dependency
|
|
47
42
|
name: rack-test
|
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
-
none: false
|
|
50
44
|
requirements:
|
|
51
45
|
- - ! '>='
|
|
52
46
|
- !ruby/object:Gem::Version
|
|
@@ -54,7 +48,6 @@ dependencies:
|
|
|
54
48
|
type: :development
|
|
55
49
|
prerelease: false
|
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
none: false
|
|
58
51
|
requirements:
|
|
59
52
|
- - ! '>='
|
|
60
53
|
- !ruby/object:Gem::Version
|
|
@@ -62,7 +55,6 @@ dependencies:
|
|
|
62
55
|
- !ruby/object:Gem::Dependency
|
|
63
56
|
name: rake
|
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
|
65
|
-
none: false
|
|
66
58
|
requirements:
|
|
67
59
|
- - ! '>='
|
|
68
60
|
- !ruby/object:Gem::Version
|
|
@@ -70,7 +62,6 @@ dependencies:
|
|
|
70
62
|
type: :development
|
|
71
63
|
prerelease: false
|
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
-
none: false
|
|
74
65
|
requirements:
|
|
75
66
|
- - ! '>='
|
|
76
67
|
- !ruby/object:Gem::Version
|
|
@@ -78,7 +69,6 @@ dependencies:
|
|
|
78
69
|
- !ruby/object:Gem::Dependency
|
|
79
70
|
name: activesupport
|
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
|
81
|
-
none: false
|
|
82
72
|
requirements:
|
|
83
73
|
- - ! '>='
|
|
84
74
|
- !ruby/object:Gem::Version
|
|
@@ -86,7 +76,6 @@ dependencies:
|
|
|
86
76
|
type: :development
|
|
87
77
|
prerelease: false
|
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
-
none: false
|
|
90
79
|
requirements:
|
|
91
80
|
- - ! '>='
|
|
92
81
|
- !ruby/object:Gem::Version
|
|
@@ -94,23 +83,20 @@ dependencies:
|
|
|
94
83
|
- !ruby/object:Gem::Dependency
|
|
95
84
|
name: debugger
|
|
96
85
|
requirement: !ruby/object:Gem::Requirement
|
|
97
|
-
none: false
|
|
98
86
|
requirements:
|
|
99
87
|
- - ~>
|
|
100
88
|
- !ruby/object:Gem::Version
|
|
101
|
-
version: 1.
|
|
89
|
+
version: '1.5'
|
|
102
90
|
type: :development
|
|
103
91
|
prerelease: false
|
|
104
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
-
none: false
|
|
106
93
|
requirements:
|
|
107
94
|
- - ~>
|
|
108
95
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 1.
|
|
96
|
+
version: '1.5'
|
|
110
97
|
- !ruby/object:Gem::Dependency
|
|
111
98
|
name: redis-activesupport
|
|
112
99
|
requirement: !ruby/object:Gem::Requirement
|
|
113
|
-
none: false
|
|
114
100
|
requirements:
|
|
115
101
|
- - ! '>='
|
|
116
102
|
- !ruby/object:Gem::Version
|
|
@@ -118,7 +104,6 @@ dependencies:
|
|
|
118
104
|
type: :development
|
|
119
105
|
prerelease: false
|
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
none: false
|
|
122
107
|
requirements:
|
|
123
108
|
- - ! '>='
|
|
124
109
|
- !ruby/object:Gem::Version
|
|
@@ -126,7 +111,6 @@ dependencies:
|
|
|
126
111
|
- !ruby/object:Gem::Dependency
|
|
127
112
|
name: dalli
|
|
128
113
|
requirement: !ruby/object:Gem::Requirement
|
|
129
|
-
none: false
|
|
130
114
|
requirements:
|
|
131
115
|
- - ! '>='
|
|
132
116
|
- !ruby/object:Gem::Version
|
|
@@ -134,7 +118,6 @@ dependencies:
|
|
|
134
118
|
type: :development
|
|
135
119
|
prerelease: false
|
|
136
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
137
|
-
none: false
|
|
138
121
|
requirements:
|
|
139
122
|
- - ! '>='
|
|
140
123
|
- !ruby/object:Gem::Version
|
|
@@ -162,28 +145,27 @@ files:
|
|
|
162
145
|
- spec/spec_helper.rb
|
|
163
146
|
homepage: http://github.com/kickstarter/rack-attack
|
|
164
147
|
licenses: []
|
|
148
|
+
metadata: {}
|
|
165
149
|
post_install_message:
|
|
166
150
|
rdoc_options:
|
|
167
151
|
- --charset=UTF-8
|
|
168
152
|
require_paths:
|
|
169
153
|
- lib
|
|
170
154
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
171
|
-
none: false
|
|
172
155
|
requirements:
|
|
173
156
|
- - ! '>='
|
|
174
157
|
- !ruby/object:Gem::Version
|
|
175
158
|
version: 1.9.3
|
|
176
159
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
177
|
-
none: false
|
|
178
160
|
requirements:
|
|
179
161
|
- - ! '>='
|
|
180
162
|
- !ruby/object:Gem::Version
|
|
181
163
|
version: '0'
|
|
182
164
|
requirements: []
|
|
183
165
|
rubyforge_project:
|
|
184
|
-
rubygems_version:
|
|
166
|
+
rubygems_version: 2.0.3
|
|
185
167
|
signing_key:
|
|
186
|
-
specification_version:
|
|
168
|
+
specification_version: 4
|
|
187
169
|
summary: Block & throttle abusive requests
|
|
188
170
|
test_files:
|
|
189
171
|
- spec/rack_attack_cache_spec.rb
|
|
@@ -191,3 +173,4 @@ test_files:
|
|
|
191
173
|
- spec/rack_attack_throttle_spec.rb
|
|
192
174
|
- spec/rack_attack_track_spec.rb
|
|
193
175
|
- spec/spec_helper.rb
|
|
176
|
+
has_rdoc:
|