diff --git a/README.md b/README.md index c8f5ed5..bd7076b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Rack::Attack!!! -A DSL for blocking & thottling abusive clients +*A DSL for blocking & thottling abusive clients* Rack::Attack is a rack middleware to protect your web app from bad clients. It allows *whitelisting*, *blacklisting*, and *thottling* based on arbitrary properties of the request. @@ -8,9 +8,10 @@ Thottle state is stored in a configurable cache (e.g. `Rails.cache`), presumably ## Installation -Add the [rack-attack](http://rubygems.org/gems/rack-attack) gem to your Gemfile or run +Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler: - gem install rack-attack + # In your Gemfile + gem 'rack-attack' Tell your app to use the Rack::Attack middleware. For Rails 3 apps: @@ -18,22 +19,23 @@ For Rails 3 apps: # In config/application.rb config.middleware.use Rack::Attack -Or in your `config.ru`: +Or for Rackup files: + # In config.ru use Rack::Attack Optionally configure the cache store for throttling: - Rack::Attack.cache.store = my_cache_store # defaults to Rails.cache + Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new # defaults to Rails.cache -Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting. +Note that `Rack::Attack.cache` is only used for throttling, not blacklisting & whitelisting. Your cache store must implement `increment` and `write` like [ActiveSupport::Cache::Store](http://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html). ## How it works -The Rack::Attack middleware examines each request against *whitelists*, *blacklists*, and *throttles* that you define. There are none by default. +The Rack::Attack middleware compares each request against *whitelists*, *blacklists*, and *throttles* that you define. There are none by default. - * If the request matches any whitelist, the request is allowed. Blacklists and throttles are not checked. - * If the request matches any blacklist, the request is blocked. Throttles are not checked. + * If the request matches any whitelist, it is allowed. Blacklists and throttles are not checked. + * If the request matches any blacklist, it is blocked. Throttles are not checked. * If the request matches any throttle, a counter is incremented in the Rack::Attack.cache. If the throttle limit is exceeded, the request is blocked and further throttles are not checked. ## Usage @@ -83,17 +85,18 @@ Customize the response of throttled requests using an object that adheres to the Rack:Attack.throttled_response = lambda do |env| # name and other data about the matched throttle - env['rack.attack.matched'] - env['rack.attack.match_type'] - env['rack.attack.match_data'] + body = [ + env['rack.attack.matched'], + env['rack.attack.match_type'], + env['rack.attack.match_data'] + ].inspect - [ 503, {}, ['Throttled']] + [ 503, {}, [body]] end Similarly for blacklisted responses: Rack:Attack.blacklisted_response = lambda do |env| - env['rack.attack.blacklisted'] # name of the matched blacklist [ 503, {}, ['Blocked']] end @@ -119,10 +122,6 @@ less on short-term, one-off hacks to block a particular attack. Rack::Attack complements `iptables` and nginx's [limit_zone module](http://wiki.nginx.org/HttpLimitZoneModule). -## Thanks - -Thanks to [Kickstarter](https://github.com/kickstarter) for sponsoring Rack::Attack development - [![Travis CI](https://secure.travis-ci.org/ktheory/rack-attack.png)](http://travis-ci.org/ktheory/rack-attack) ## License