rack-dedos 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 69f8976f9ee4fc15e9c0b3915020919fa72014acb8577933a5bdcd02b674570c
+  data.tar.gz: 31bbb973f18eee8e22ed576a12846f6443d1ab2106fa3b8a1cdf6b52cc374464
+SHA512:
+  metadata.gz: f506c9e93a4eb859a79c74c2053e493455aa13ebe8487fc42650a59bdb3e65da862b02cfab1cbfc54cb2186e340e014547bf6df4caf4f0afe2eae7233f3c9c1a
+  data.tar.gz: 9a18dfe754ea786cbef049ec91a11108fb36c272ce954190331612089412957f3056f0635f6bf520a60ff0ab3373678067f6fcc5a7cf4e05799b170a6139a26f

checksums.yaml.gz.sig

@@ -0,0 +1,2 @@
+�n
+
�.�D�j��v����=0��91[�⅑E��"g�({[�n��:�s�fqSc���+����c�Ș��58j���`�j�~ur��sn�-�m�P@���#D�.�p�!%`W�{3qw���$|�3�Dݴ��nJR�ڥW�ߦ��CΘ�2��k9>|����c�e@�K6��I뒢�y�,��*C���il�G�:I�zk��X��G��HP�VK��$�_��s�}8b0�L�JX9����4@��R]:

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+## Main
+
+Nothing so far
+
+## 0.1.0
+
+#### Initial implementation
+
+* UserAgent filter
+* Country filter

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Sven Schwyn
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,163 @@
+[![Version](https://img.shields.io/gem/v/rack-dedos.svg?style=flat)](https://rubygems.org/gems/rack-dedos)
+[![Tests](https://img.shields.io/github/actions/workflow/status/svoop/rack-dedos/test.yml?style=flat&label=tests)](https://github.com/svoop/rack-dedos/actions?workflow=Test)
+[![Code Climate](https://img.shields.io/codeclimate/maintainability/svoop/rack-dedos.svg?style=flat)](https://codeclimate.com/github/svoop/rack-dedos/)
+[![Donorbox](https://img.shields.io/badge/donate-on_donorbox-yellow.svg)](https://donorbox.org/bitcetera)
+
+<img src="https://github.com/svoop/rack-dedos/raw/main/doc/chop-chop.png" alt="chop-chop" align="right">
+
+# Rack::Dedos
+
+Somewhat more radical filters designed to decimate malicious requests during a [denial-of-service (DoS) attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) by chopping their connection well before your Rack app wastes any significant resources on them – ouch!
+
+The filters have been proven to work against certain DoS attacks, however, they might also block IPs behind proxies or VPNs. Make sure you have understood how the filters are triggered and consider this middleware a last resort only to be enabled during an attack.
+
+* [Homepage](https://github.com/svoop/rack-dedos)
+* [API](https://www.rubydoc.info/gems/rack-dedos)
+* Author: [Sven Schwyn - Bitcetera](https://bitcetera.com)
+
+## Install
+
+### Security
+
+This gem is [cryptographically signed](https://guides.rubygems.org/security/#using-gems) in order to assure it hasn't been tampered with. Unless already done, please add the author's public key as a trusted certificate now:
+
+```
+gem cert --add <(curl -Ls https://raw.github.com/svoop/rack-dedos/main/certs/svoop.pem)
+```
+
+### Bundler
+
+Add the following to the <tt>Gemfile</tt> or <tt>gems.rb</tt> of your [Bundler](https://bundler.io) powered Ruby project:
+
+```ruby
+gem 'rack-dedos'
+```
+
+And then install the bundle:
+
+```
+bundle install --trust-policy MediumSecurity
+```
+
+## Configuration
+
+Given the drastic nature of the filters, you should use this middleware for production environments only and/or if an environment variable like `UNDER_ATTACK` is set to true.
+
+### Rails
+
+```ruby
+# config/application.rb
+class Application < Rails::Application
+  if Rails.env.production? && ActiveModel::Type::Boolean.new.cast(ENV['UNDER_ATTACK'])
+    config.middleware.use Rack::Dedos
+  end
+end
+```
+
+### Rackup
+
+```ruby
+#!/usr/bin/env rackup
+require 'rack/dedos'
+
+if %w(true t on 1).include? ENV['UNDER_ATTACK']
+  use Rack::Dedos
+end
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }
+```
+
+### Response
+
+If a request is classified as malicious by at least one filter, the middleware responds with:
+
+> 403 Forbidden (Temporarily Blocked by Rules)
+
+This is the most appropriate response, however, feel free to trick the requester by tweaking this:
+
+```ruby
+use Rack::Dedos,
+  status: 503,
+  text: "Temporary Server Error"
+```
+
+## Filters
+
+By default, all filters described below are applied. You can exclude exclude certain filters:
+
+```ruby
+use Rack::Dedos,
+  exclude: [:user_agent]
+```
+
+To only apply one specific filter, use the corresponding class as shown below.
+
+### User Agent Filter
+
+```ruby
+use Rack::Dedos::UserAgent,
+  cache_url: 'redis://redis.example.com:6379/12',   # db 12 on default port
+  cache_key_prefix: 'dedos',   # key prefix for shared caches (default: nil)
+  cache_period: 1800   # seconds (default: 900)
+```
+
+Requests are blocked for `cache_period` seconds in case another request has been made within `cache_period` seconds from by same IP address but with a different user agent.
+
+The following cache backends are supported:
+
+* `redis://...` – ⚠️ The [redis gem](https://rubygems.org/gems/redis) has to be installed.
+* `hash` – Only for testing, don't use this in production.
+
+### Country Filter
+
+```ruby
+use Rack::Dedos::Country,
+  maxmind_db_file: '/var/db/maxmind/GeoLite2-Country.mmdb',
+  allowed_countries: %i(AT CH DE),
+  denied_countries: %i(RU)
+```
+
+Either allow or deny requests by probable country of origin. If both are set, the `denied_countries` option is ignored.
+
+⚠️ The [maxmind-db gem](https://rubygems.org/gems/maxmind-db) has to be installed.
+
+The MaxMind GeoLite2 database is free, however, you have to create an account on [maxmind.com](https://www.maxmind.com) and then download the country database.
+
+For automatic updates, create a `geoipupdate.conf` file and then use the [geoipupdate tool](https://github.com/maxmind/geoipupdate/releases) to fetch the latest country database:
+
+```
+version=4.10.0
+arch=linux_amd64
+conf=/etc/geoipupdate.conf
+dir=/var/db/maxmind/
+
+mkdir -p "${dir}"
+wget --quiet -O /tmp/geoipupdate.tgz https://github.com/maxmind/geoipupdate/releases/download/v${version}/geoipupdate_${version}_${arch}.tar.gz
+tar -xz -C /tmp -f /tmp/geoipupdate.tgz
+/tmp/geoipupdate_${version}_${arch}/geoipupdate -f "${conf}" -d "${dir}"
+```
+
+## Development
+
+For all required test fixtures to be present, you have to check out the repo
+with all of its submodules:
+
+```
+git clone git@github.com:svoop/rack-dedos.git
+cd rack-dedos
+git submodule update --init
+```
+
+To install the development dependencies and then run the test suite:
+
+```
+bundle install
+bundle exec rake    # run tests once
+bundle exec guard   # run tests whenever files are modified
+```
+
+You're welcome to [submit issues](https://github.com/svoop/rack-dedos/issues) and contribute code by [forking the project and submitting pull requests](https://docs.github.com/en/get-started/quickstart/fork-a-repo).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/lib/rack/dedos/base.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Rack
+  module Dedos
+    class Base
+
+      DEFAULT_OPTIONS = {
+        status: 403,
+        text: 'Forbidden (Temporarily Blocked by Rules)'
+      }
+
+      attr_reader :app
+      attr_reader :options
+
+      # @param app [#call]
+      # @param options [Hash{Symbol => Object}]
+      def initialize(app, options = {})
+        @app = app
+        @options = DEFAULT_OPTIONS.merge(options)
+      end
+
+      def call(env)
+        request = Rack::Request.new(env)
+        if allowed?(request)
+          app.call(env)
+        else
+          warn("rack-dedos: request from #{request.ip} blocked by #{self.class}")
+          [options[:status], { 'Content-Type' => 'text/plain' }, [options[:text]]]
+        end
+      end
+
+      private
+
+      def config
+        Rack::Dedos.config
+      end
+
+    end
+  end
+end

data/lib/rack/dedos/cache.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Rack
+  module Dedos
+    class Cache
+
+      def initialize(url:, expires_in: nil, key_prefix: nil)
+        @url, @expires_in = url, expires_in
+        @key_prefix = ("#{key_prefix}:" if key_prefix).to_s
+        type = url.split(':').first
+        extend Object.const_get("Rack::Dedos::Cache::#{type.capitalize}")
+      rescue NameError
+        raise(ArgumentError, "type of cache for `#{@url}' not supported")
+      end
+
+      module Hash
+        def store
+          @store ||= {}
+        end
+
+        def set(key, value)
+          store[key] = [value, timestamp]
+        end
+
+        def get(key)
+          if (value, created_at = store[key])
+            if !@expires_in || @expires_in >= timestamp - created_at
+              value
+            else
+              store.delete(key)
+              nil
+            end
+          end
+        end
+
+        private
+
+        def timestamp
+          Time.now.to_i
+        end
+      end
+
+      module Redis
+        require 'redis'
+
+        def store
+          @store ||= ::Redis.new(url: @url)
+        end
+
+        def set(key, value)
+          store.set(@key_prefix + key, value, ex: @expires_in)
+        end
+
+        def get(key)
+          store.get(@key_prefix + key)
+        end
+      end
+
+    end
+  end
+end

data/lib/rack/dedos/country.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'maxmind/db'
+
+module Rack
+  module Dedos
+    class Country < Base
+
+      # @option options [String] :maxmind_db_file MaxMind database file
+      # @option options [Symbol, Array<Symbol>] :allowed_countries ISO 3166-1 alpha 2
+      # @option options [Symbol, Array<Symbol>] :denied_countries ISO 3166-1 alpha 2
+      def initialize(*)
+        super
+        @maxmind_db_file = options[:maxmind_db_file] or fail "MaxMind database file not set"
+        @allowed = case
+          when @countries = options[:allowed_countries] then true
+          when @countries = options[:denied_countries] then false
+          else fail "neither allowed nor denied countries set"
+        end
+        maxmind_db   # hit once to fail on errors at boot
+      end
+
+      def allowed?(request)
+        if country = maxmind_db.get(request.ip)
+          country_code = country.dig('country', 'iso_code').to_sym
+          @countries.include?(country_code) ? @allowed : !@allowed
+        else   # not found in database
+          true
+        end
+      rescue => error
+        warn("rack-dedos: request from #{request.ip} allowed due to error: #{error.message}")
+        true
+      end
+
+      private
+
+      def maxmind_db
+        config[:maxmind_db] ||= MaxMind::DB.new(
+          @maxmind_db_file,
+          mode: MaxMind::DB::MODE_FILE
+        )
+      end
+
+    end
+  end
+end

data/lib/rack/dedos/user_agent.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Rack
+  module Dedos
+    class UserAgent < Base
+
+      # @option options [String] :cache_url URL of the cache backend
+      # @option options [Integer] :cache_period how long to retain cached IP
+      #   addresses in seconds (default: 900)
+      def initialize(*)
+        super
+        @cache_url = options[:cache_url] or fail "cache URL not set"
+        @cache_period = options[:cache_period] || 900
+        @cache_key_prefix = options[:cache_key_prefix]
+        cache   # hit once to fail on errors at boot
+      end
+
+      def allowed?(request)
+        case cache.get(request.ip)
+        when nil              # first contact
+          cache.set(request.ip, request.user_agent)
+          true
+        when 'BLOCKED'        # already blocked
+          false
+        when request.user_agent   # user agent hasn't changed
+          true
+        else                  # user agent has changed
+          cache.set(request.ip, 'BLOCKED')
+          false
+        end
+      rescue => error
+        warn("rack-dedos: request from #{request.ip} allowed due to error: #{error.message}")
+        true
+      end
+
+      private
+
+      def cache
+        config[:cache] ||= Cache.new(
+          url: @cache_url,
+          expires_in: @cache_period,
+          key_prefix: @cache_key_prefix
+        )
+      end
+
+    end
+  end
+end

data/lib/rack/dedos/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Rack
+  module Dedos
+    VERSION = "0.1.0"
+  end
+end

data/lib/rack/dedos.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'rack'
+
+require_relative 'dedos/version'
+
+module Rack
+  module Dedos
+    lib_dir = ::File.expand_path(::File.dirname(__FILE__))
+    autoload :Cache, lib_dir + '/dedos/cache'
+    autoload :Base, lib_dir + '/dedos/base'
+    autoload :UserAgent, lib_dir + '/dedos/user_agent'
+    autoload :Country, lib_dir + '/dedos/country'
+
+    class << self
+      def config
+        @config ||= {}
+      end
+
+      def new(app, options = {})
+        except = Array options[:except]
+
+        Rack::Builder.new do
+          use(::Rack::Dedos::UserAgent, options) unless except.include? :user_agent
+          use(::Rack::Dedos::Country, options) unless except.include? :country
+          run app
+        end.to_app
+      end
+    end
+  end
+end

data.tar.gz.sig

@@ -0,0 +1,4 @@
+�!-�h�v�
+ gJ%�*.�|T�����X�IN郵����
��[HDtE.���S��S�R�U+;M��]�#8��t��7���,y�DQ��qà�Î��n����[6�g
+��8[��҄�z�9Ais$�gY��gG���U1E]����mCH{��y������j'
+��xK�����=g�vW��ň;x��Ɲ�-,��Ⱦ??��p�j%�js�g��a��Ċ��?L^�$kr

metadata

@@ -0,0 +1,250 @@
+--- !ruby/object:Gem::Specification
+name: rack-dedos
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sven Schwyn
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDODCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhydWJ5
+  L0RDPWJpdGNldGVyYS9EQz1jb20wHhcNMjIxMTA2MTIzNjUwWhcNMjMxMTA2MTIz
+  NjUwWjAjMSEwHwYDVQQDDBhydWJ5L0RDPWJpdGNldGVyYS9EQz1jb20wggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLg+IHjXYaUlTSU7R235lQKD8ZhEe
+  KMhoGlSUonZ/zo1OT3KXcqTCP1iMX743xYs6upEGALCWWwq+nxvlDdnWRjF3AAv7
+  ikC+Z2BEowjyeCCT/0gvn4ohKcR0JOzzRaIlFUVInlGSAHx2QHZ2N8ntf54lu7nd
+  L8CiDK8rClsY4JBNGOgH9UC81f+m61UUQuTLxyM2CXfAYkj/sGNTvFRJcNX+nfdC
+  hM9r2kH1+7wsa8yG7wJ2IkrzNACD8v84oE6qVusN8OLEMUI/NaEPVPbw2LUM149H
+  PVa0i729A4IhroNnFNmw4wOC93ARNbM1+LW36PLMmKjKudf5Exg8VmDVAgMBAAGj
+  dzB1MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSfK8MtR62mQ6oN
+  yoX/VKJzFjLSVDAdBgNVHREEFjAUgRJydWJ5QGJpdGNldGVyYS5jb20wHQYDVR0S
+  BBYwFIEScnVieUBiaXRjZXRlcmEuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAYG2na
+  ye8OE2DANQIFM/xDos/E4DaPWCJjX5xvFKNKHMCeQYPeZvLICCwyw2paE7Otwk6p
+  uvbg2Ks5ykXsbk5i6vxDoeeOLvmxCqI6m+tHb8v7VZtmwRJm8so0eSX0WvTaKnIf
+  CAn1bVUggczVdNoBXw9WAILKyw9bvh3Ft740XZrR74sd+m2pGwjCaM8hzLvrVbGP
+  DyYhlBeRWyQKQ0WDIsiTSRhzK8HwSTUWjvPwx7SEdIU/HZgyrk0ETObKPakVu6bH
+  kAyiRqgxF4dJviwtqI7mZIomWL63+kXLgjOjMe1SHxfIPo/0ji6+r1p4KYa7o41v
+  fwIwU1MKlFBdsjkd
+  -----END CERTIFICATE-----
+date: 2023-02-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: maxmind-db
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-sound
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |
+  Somewhat more radical filters designed to decimate malicious requests during
+  a denial-of-service (DoS) attack by chopping their connection well before
+  your Rack app wastes any significant resources on them – ouch!
+
+  The filters have been proven to work against certain DoS attacks, however,
+  they might also block IPs behind proxies or VPNs. Make sure you have
+  understood how the filters are triggered and consider this middleware a last
+  resort only to be enabled during an attack.
+email:
+- ruby@bitcetera.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+- CHANGELOG.md
+- LICENSE.txt
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/rack/dedos.rb
+- lib/rack/dedos/base.rb
+- lib/rack/dedos/cache.rb
+- lib/rack/dedos/country.rb
+- lib/rack/dedos/user_agent.rb
+- lib/rack/dedos/version.rb
+homepage: https://github.com/svoop/rack-dedos
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/svoop/rack-dedos
+  changelog_uri: https://github.com/svoop/rack-dedos/blob/main/CHANGELOG.md
+  source_code_uri: https://github.com/svoop/rack-dedos
+  documentation_uri: https://www.rubydoc.info/gems/rack-dedos
+  bug_tracker_uri: https://github.com/svoop/rack-dedos/issues
+post_install_message:
+rdoc_options:
+- "--title"
+- AIXM/OFMX Builder
+- "--main"
+- README.md
+- "--line-numbers"
+- "--inline-source"
+- "--quiet"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.6
+signing_key:
+specification_version: 4
+summary: Radical filters to block denial-of-service (DoS) requests.
+test_files: []