sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-04-27 15:07:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

More docs

Browse source
This commit is contained in:
Aaron Suggs 2012-07-28 22:10:08 -04:00
parent cf49b00c00
commit 0faab21338
1 changed files with 29 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
README.md
View file

@ -8,7 +8,7 @@ Thottle state is stored in a configurable cache (e.g. `Rails.cache`), presumably
## Installation ## Installation
Add "rack-attack" to your Gemfile or run Add the [rack-attack](http://rubygems.org/gems/rack-attack) gem to your Gemfile or run
gem install rack-attack gem install rack-attack
@ -38,6 +38,11 @@ The Rack::Attack middleware examines each request against *whitelists*, *blackli
## Usage ## Usage
Define blacklists, throttles, and whitelists.
Note that `req` is a [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) object.
### Blacklists
# Block requests from 1.2.3.4 # Block requests from 1.2.3.4
Rack::Attack.blacklist('block 1.2.3.4') do |req| Rack::Attack.blacklist('block 1.2.3.4') do |req|
# Request are blocked if the return value is truthy # Request are blocked if the return value is truthy
@ -49,6 +54,8 @@ The Rack::Attack middleware examines each request against *whitelists*, *blackli
req.post? && request.path == '/login' && req.user_agent == 'BadUA' req.post? && request.path == '/login' && req.user_agent == 'BadUA'
end end
### Throttles
# Throttle requests to 5 requests per second per ip # Throttle requests to 5 requests per second per ip
Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req| Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|
# If the return value is truthy, the cache key for "rack::attack:req/ip:#{req.ip}" is incremented and checked. # If the return value is truthy, the cache key for "rack::attack:req/ip:#{req.ip}" is incremented and checked.
@ -61,6 +68,8 @@ The Rack::Attack middleware examines each request against *whitelists*, *blackli
req.post? && request.path == '/login' && req.params['email'] req.post? && request.path == '/login' && req.params['email']
end end
### Whitelists
# Always allow requests from localhost # Always allow requests from localhost
# (blacklist & throttles are skipped) # (blacklist & throttles are skipped)
Rack::Attack.whitelist('allow from localhost') do |req| Rack::Attack.whitelist('allow from localhost') do |req|
@ -68,7 +77,21 @@ The Rack::Attack middleware examines each request against *whitelists*, *blackli
'127.0.0.1' == req.ip '127.0.0.1' == req.ip
end end
Note that `req` is a [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) object. ## Responses
Customize the response of throttled requests using an object that adheres to the [Rack app interface](http://rack.rubyforge.org/doc/SPEC.html).
Rack:Attack.throttled_response = lambda do |env|
env['rack.attack.throttled'] # name and other data about the matched throttle
[ 503, {}, ['Throttled']]
end
Similarly for blacklisted responses:
Rack:Attack.blacklisted_response = lambda do |env|
env['rack.attack.blacklisted'] # name of the matched blacklist
[ 503, {}, ['Blocked']]
end
## Logging & Instrumentation ## Logging & Instrumentation
@ -84,4 +107,8 @@ less on short-term, one-off hacks to block a particular attack.
Rack::Attack complements `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule). Rack::Attack complements `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule).
## Thanks
Thanks to [Kickstarter](https://github.com/kickstarter) for sponsoring Rack::Attack development
[![Travis CI](https://secure.travis-ci.org/ktheory/rack-attack.png)](http://travis-ci.org/ktheory/rack-attack) [![Travis CI](https://secure.travis-ci.org/ktheory/rack-attack.png)](http://travis-ci.org/ktheory/rack-attack)