rack-attack 2.2.0 → 2.2.1

data/README.md

@@ -4,7 +4,7 @@
 Rack::Attack is a rack middleware to protect your web app from bad clients.
 It allows *whitelisting*, *blacklisting*, *throttling*, and *tracking* based on arbitrary properties of the request.
 
-Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis.
+Throttle state is stored in a configurable cache (e.g. `Rails.cache`), presumably backed by memcached or redis (at least v3.0.0).
 
 ## Installation
 
@@ -165,6 +165,8 @@ Customize the response of blacklisted and throttled requests using an object tha
 
 ```ruby
     Rack::Attack.blacklisted_response = lambda do |env|
+      # Using 503 because it may make attacker think that they have successfully
+      # DOSed the site. Rack::Attack returns 401 for blacklists by default
       [ 503, {}, ['Blocked']]
     end
 
@@ -176,6 +178,8 @@ Customize the response of blacklisted and throttled requests using an object tha
         env['rack.attack.match_data']
       ].inspect
 
+      # Using 503 because it may make attacker think that they have successfully
+      # DOSed the site. Rack::Attack returns 429 for throttling by default
       [ 503, {}, [body]]
     end
 ```

data/lib/rack/attack.rb

@@ -39,10 +39,10 @@ module Rack::Attack
 
       # Set defaults
       @notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
-      @blacklisted_response ||= lambda {|env| [503, {}, ["Blocked\n"]] }
+      @blacklisted_response ||= lambda {|env| [401, {}, ["Unauthorized\n"]] }
       @throttled_response   ||= lambda {|env|
         retry_after = env['rack.attack.match_data'][:period] rescue nil
-        [503, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
+        [429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
       }
 
       self

data/lib/rack/attack/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module Attack
-    VERSION = '2.2.0'
+    VERSION = '2.2.1'
   end
 end

data/spec/fail2ban_spec.rb

@@ -24,7 +24,7 @@ describe 'Rack::Attack.Fail2Ban' do
       describe 'when not at maxretry' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
         it 'fails' do
-          last_response.status.must_equal 503
+          last_response.status.must_equal 401
         end
 
         it 'increases fail count' do
@@ -46,7 +46,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'fails' do
-          last_response.status.must_equal 503
+          last_response.status.must_equal 401
         end
 
         it 'increases fail count' do
@@ -83,7 +83,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 503
+        last_response.status.must_equal 401
       end
 
       it 'does not increase fail count' do
@@ -103,7 +103,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'fails' do
-        last_response.status.must_equal 503
+        last_response.status.must_equal 401
       end
 
       it 'does not increase fail count' do

data/spec/rack_attack_spec.rb

@@ -15,7 +15,7 @@ describe 'Rack::Attack' do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
       it "should return a blacklist response" do
         get '/', {}, 'REMOTE_ADDR' => @bad_ip
-        last_response.status.must_equal 503
+        last_response.status.must_equal 401
       end
       it "should tag the env" do
         last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"

data/spec/rack_attack_throttle_spec.rb

@@ -26,7 +26,7 @@ describe 'Rack::Attack.throttle' do
       2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
     end
     it 'should block the last request' do
-      last_response.status.must_equal 503
+      last_response.status.must_equal 429
     end
     it 'should tag the env' do
       last_request.env['rack.attack.matched'].must_equal 'ip/sec'

metadata

@@ -1,127 +1,104 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.2.1
+  prerelease: 
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-20 00:00:00.000000000 Z
+date: 2013-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &1 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *1
 - !ruby/object:Gem::Dependency
   name: minitest
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &2 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *2
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &3 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *3
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &4 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *4
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &5 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 3.0.0
+  version_requirements: *5
 - !ruby/object:Gem::Dependency
   name: debugger
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &6 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.5'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.5'
+  version_requirements: *6
 - !ruby/object:Gem::Dependency
   name: redis-activesupport
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &7 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *7
 - !ruby/object:Gem::Dependency
   name: dalli
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &8 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  version_requirements: *8
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -147,28 +124,30 @@ files:
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/kickstarter/rack-attack
-licenses: []
-metadata: {}
+licenses:
+- MIT
 post_install_message: 
 rdoc_options:
 - --charset=UTF-8
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - '>='
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.2
+rubygems_version: 1.8.3
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Block & throttle abusive requests
 test_files:
 - spec/fail2ban_spec.rb

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 30436667301e528e76d76b7454ad73ca9dd08a08
-  data.tar.gz: 72e275cb98d8e38b478c4db4d7fa5bdb4759c7ab
-SHA512:
-  metadata.gz: d2a8d0690b58f15a6f512077408fa40cec5c7e23b39ebc470a53a753273f1497e3605930106d2c16dd41a8b3edef39a3e9b66b0fd4778b871c5ab0017e2bd4ac
-  data.tar.gz: 2a097e071cafcdb11cf36d4150c459723877a852b7920fdf3ed5fa74cedf1ea3d19b25357d0bd31c3b47c48d3a938575e877aade034e8fc7f5eba882101385b5