From a2d0f55a8199ad87cdb022062cbba6a739745e51 Mon Sep 17 00:00:00 2001
From: Aaron Suggs
Date: Thu, 16 Aug 2012 11:48:36 -0400
Subject: [PATCH] Fix examples

---
 examples/instrumentation.rb | 8 +-------
 examples/rack_attack.rb | 10 +++++-----
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/examples/instrumentation.rb b/examples/instrumentation.rb
index ade0da7..5750617 100644
--- a/examples/instrumentation.rb
+++ b/examples/instrumentation.rb
@@ -1,9 +1,3 @@
-
-# Log blacklists & throttles
-ActiveSupport::Notifications.subscribe('rack.attack.blacklist') do |name, start, finish, request_id, req|
- puts req.inspect
-end
-
-ActiveSupport::Notifications.subscribe('rack.attack.throttle') do |name, start, finish, request_id, req|
+ActiveSupport::Notifications.subscribe('rack.attack') do |name, start, finish, request_id, req|
 puts req.inspect
 end
diff --git a/examples/rack_attack.rb b/examples/rack_attack.rb
index 81d3d0b..ace8785 100644
--- a/examples/rack_attack.rb
+++ b/examples/rack_attack.rb
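Review bot: In examples/instrumentation.rb the consolidated `rack.attack` subscriber still prints `req.inspect`, which appears to dump the whole Rack env for every matched request. For the login throttles in examples/rack_attack.rb that env can hold cookies, the Authorization header and, once `req.params` has been read, the parsed form body with the submitted password, so an app that copies this example would write credentials to its log. I would print only the fields needed for triage, e.g. `puts "#{req.ip} #{req.request_method} #{req.path}"`, and add a comment such as `# Log only non-sensitive request fields; req.inspect includes cookies and form params`.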
@@ -7,20 +7,20 @@ Rack::Attack.throttle("req/ip", :limit => 10, :period => 1) { |req| req.ip }
 
 # Throttle attempts to a particular path. 2 POSTs to /login per second per IP
 Rack::Attack.throttle "logins/ip", :limit => 2, :period => 1 do |req|
- req.ip if req.post? && req.path_info =~ /^login/
+ req.post? && req.path == "/login" && req.ip
 end
 
 # Throttle login attempts per email, 10/minute/email
 Rack::Attack.throttle "logins/email", :limit => 2, :period => 60 do |req|
- req.params['email'] unless req.params['email'].blank?
+ req.post? && req.path == "/login" && req.params['email']
 end
 
-# Blacklist cloud IPs from accessing PATH regexp
+# Blacklist bad IPs from accessing admin pages
 Rack::Attack.blacklist "bad_ips from logging in" do |req|
- req.path =~ /^login/ && bad_ips.include?(req.ip)
+ req.path =~ /^\/admin/ && bad_ips.include?(req.ip)
 end
 
 # Whitelist a User-Agent
 Rack::Attack.whitelist 'internal user agent' do |req|
- req.user_agent =~ 'InternalUserAgent'
+ req.user_agent == 'InternalUserAgent'
 end
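Review bot: The whitelist block at the end of the hunk now matches on `req.user_agent == 'InternalUserAgent'`, but User-Agent is supplied by the client, so any request carrying that string is presumably exempt from the throttles and the blacklist defined above it. Since examples get copied, it should pair the header with something the client cannot choose, e.g. `req.user_agent == 'InternalUserAgent' && internal_ips.include?(req.ip)` (`internal_ips` is a placeholder list, like `bad_ips` in the blacklist example), or at least carry `# User-Agent is client-controlled; do not use it alone to exempt traffic`. Separately, the `logins/email` throttle dropped the `.blank?` guard and keys on the raw parameter, so an empty email becomes one shared bucket and differently cased spellings of one address are counted separately; keying on `req.params['email'].to_s.downcase.strip`, guarded against the empty string, would keep the per-account limit meaningful. The comment above that throttle says 10/minute while the code has `:limit => 2`.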