mirror of
https://github.com/samsonjs/rack-attack.git
synced 2026-03-25 09:25:49 +00:00
Clarify Fail2Ban readme
This commit is contained in:
Aaron Suggs
parent
24143dd195
commit
2d81fa7217
1 changed files with 7 additions and 5 deletions
12
README.md
12
README.md
|
|
@ -88,18 +88,20 @@ A [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) objec
|
|||
req.path == '/login' && req.post? && req.user_agent == 'BadUA'
|
||||
end
|
||||
|
||||
`Rack::Attack::Fail2Ban` can be combined with blacklists to block all requests from misbehaving clients.
|
||||
#### Fail2Ban
|
||||
|
||||
`Fail2Ban.filter` can be used within a blacklists to block all requests from misbehaving clients.
|
||||
This pattern is inspired by [fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page).
|
||||
See the [fail2ban documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options) for more details on
|
||||
how the parameters work.
|
||||
|
||||
# Block requests from IP addresses that misbehave.
|
||||
# Allow up to 3 bad requests within 10 minutes, then ban the IP for 5 minutes if exceeded
|
||||
# Block requests containing '/etc/password' in the params.
|
||||
# After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes.
|
||||
Rack::Attack.blacklist('fail2ban pentesters') do |req|
|
||||
# `filter` returns truthy value if request fails, or if it's from a previously banned IP
|
||||
# this causes `blacklist` to block the request
|
||||
# so the request is blocked
|
||||
Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
|
||||
# if block is truthy, the count for the IP is incremented
|
||||
# The count for the IP is incremented if the return value is truthy.
|
||||
CGI.unescape(req.query_string) =~ %r{/etc/passwd}
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue