collapse fail2ban name/discriminator into one argument
parent
9761faf6be
commit
2819e0d7a4
2 changed files with 14 additions and 14 deletions
|
|
@ -2,7 +2,7 @@ module Rack
|
||||||
module Attack
|
module Attack
|
||||||
class Fail2Ban
|
class Fail2Ban
|
||||||
class << self
|
class << self
|
||||||
def filter(name, discriminator, options)
|
def filter(discriminator, options)
|
||||||
bantime = options[:bantime] or raise ArgumentError, "Must pass bantime option"
|
bantime = options[:bantime] or raise ArgumentError, "Must pass bantime option"
|
||||||
findtime = options[:findtime] or raise ArgumentError, "Must pass findtime option"
|
findtime = options[:findtime] or raise ArgumentError, "Must pass findtime option"
|
||||||
maxretry = options[:maxretry] or raise ArgumentError, "Must pass maxretry option"
|
maxretry = options[:maxretry] or raise ArgumentError, "Must pass maxretry option"
|
||||||
|
|
@ -11,13 +11,13 @@ module Rack
|
||||||
# Return true for blacklist
|
# Return true for blacklist
|
||||||
true
|
true
|
||||||
elsif yield
|
elsif yield
|
||||||
fail!(name, discriminator, bantime, findtime, maxretry)
|
fail!(discriminator, bantime, findtime, maxretry)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
def fail!(name, discriminator, bantime, findtime, maxretry)
|
def fail!(discriminator, bantime, findtime, maxretry)
|
||||||
count = cache.count("#{name}:#{discriminator}", findtime)
|
count = cache.count("fail2ban:count:#{discriminator}", findtime)
|
||||||
if count >= maxretry
|
if count >= maxretry
|
||||||
ban!(discriminator, bantime)
|
ban!(discriminator, bantime)
|
||||||
end
|
end
|
||||||
|
|
@ -27,11 +27,11 @@ module Rack
|
||||||
end
|
end
|
||||||
|
|
||||||
def ban!(discriminator, bantime)
|
def ban!(discriminator, bantime)
|
||||||
cache.write("fail2ban:#{discriminator}", 1, bantime)
|
cache.write("fail2ban:ban:#{discriminator}", 1, bantime)
|
||||||
end
|
end
|
||||||
|
|
||||||
def banned?(discriminator)
|
def banned?(discriminator)
|
||||||
cache.read("fail2ban:#{discriminator}")
|
cache.read("fail2ban:ban:#{discriminator}")
|
||||||
end
|
end
|
||||||
|
|
||||||
def cache
|
def cache
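Review bot: `filter` carries no comment telling callers that the discriminator is now the only thing separating one Fail2Ban filter from another. With `name` gone, `fail!` counts under `fail2ban:count:#{discriminator}` and `ban!`/`banned?` use `fail2ban:ban:#{discriminator}`, so two filters that both pass bare `req.ip` share a ban entry. They would presumably share the failure counter too when their `findtime` matches, since the spec's keys suggest the count key also carries a findtime-derived period. A client could then be banned by one filter on the strength of matches recorded by another with a different `maxretry`. I would add above `def filter`: `# discriminator must be unique per filter, e.g. "pentest-#{req.ip}"; filters passing the same value share fail counts and bans`. The body of `filter` between the first two hunks is not visible here, so this is based on the key strings alone.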
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
||||||
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
||||||
@f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
|
@f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
|
||||||
Rack::Attack.blacklist('pentest') do |req|
|
Rack::Attack.blacklist('pentest') do |req|
|
||||||
Rack::Attack::Fail2Ban.filter("pentest", req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
|
Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -28,7 +28,7 @@ describe 'Rack::Attack.Fail2Ban' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'increases fail count' do
|
it 'increases fail count' do
|
||||||
key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
|
key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 1
|
@cache.store.read(key).must_equal 1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -50,12 +50,12 @@ describe 'Rack::Attack.Fail2Ban' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'increases fail count' do
|
it 'increases fail count' do
|
||||||
key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
|
key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 2
|
@cache.store.read(key).must_equal 2
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'is banned' do
|
it 'is banned' do
|
||||||
key = "rack::attack:fail2ban:1.2.3.4"
|
key = "rack::attack:fail2ban:ban:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 1
|
@cache.store.read(key).must_equal 1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -87,12 +87,12 @@ describe 'Rack::Attack.Fail2Ban' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not increase fail count' do
|
it 'does not increase fail count' do
|
||||||
key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
|
key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 2
|
@cache.store.read(key).must_equal 2
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'is still banned' do
|
it 'is still banned' do
|
||||||
key = "rack::attack:fail2ban:1.2.3.4"
|
key = "rack::attack:fail2ban:ban:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 1
|
@cache.store.read(key).must_equal 1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -107,12 +107,12 @@ describe 'Rack::Attack.Fail2Ban' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not increase fail count' do
|
it 'does not increase fail count' do
|
||||||
key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
|
key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 2
|
@cache.store.read(key).must_equal 2
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'is still banned' do
|
it 'is still banned' do
|
||||||
key = "rack::attack:fail2ban:1.2.3.4"
|
key = "rack::attack:fail2ban:ban:1.2.3.4"
|
||||||
@cache.store.read(key).must_equal 1
|
@cache.store.read(key).must_equal 1
|
||||||
end
|
end
|
||||||
end
|
end
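Review bot: The blacklist block at the top of this spec still passes bare `req.ip`, so the updated assertions pin the new key format but never check that two Fail2Ban filters stay isolated from each other. Since the filter name no longer appears in the cache key, the spec should model the namespaced form, e.g. `Rack::Attack::Fail2Ban.filter("pentest-#{req.ip}", @f2b_options){req.query_string =~ /OMGHAX/}`, with the expected keys becoming `fail2ban:count:pentest-1.2.3.4` and `fail2ban:ban:pentest-1.2.3.4`. A second blacklist with a different prefix, asserted to have no count and no ban after these requests, would cover the collision case directly.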
|
||||||
|
|
|
||||||