From d05da7d39bede97a46871425bf69c82a2ad5b165 Mon Sep 17 00:00:00 2001 From: Zach Millman Date: Fri, 12 Jul 2013 14:19:45 -0700 Subject: [PATCH] Explain why Rack::Attack returns 503 instead of 429 in README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 585bc78..cb65603 100644 --- a/README.md +++ b/README.md @@ -186,6 +186,8 @@ For responses that did not exceed a throttle limit, Rack::Attack annotates the e request.env['rack.attack.throttle_data'][name] # => { :count => n, :period => p, :limit => l } ``` +Note that Rack::Attack uses 503 Service Unavailable by default instead of 429 Too Many Requests for throttling because it may make attacker think that they have successfully DOSed the site. + ## Logging & Instrumentation Rack::Attack uses the [ActiveSupport::Notifications](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html) API if available.
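Review bot: In the added README sentence, "because it may make attacker think" has an ambiguous "it" (it can be read as either the 429 or the 503) and is missing an article; suggest "because a 503 may make an attacker think that they have successfully DoSed the site". The sentence also says "by default" without telling the reader how to change the status, and it lands directly under the paragraph about requests that did not exceed a throttle limit, so consider moving it next to the description of the throttled response and pointing to where the status can be overridden.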