sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-25 09:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
871 commits 1 branch 0 tags 1.1 MiB
Commit graph

200 commits

Author SHA1 Message Date
Stan Hu
91947b83a4 Support the ability to reset Fail2Ban count and ban flag 
Closes #113
 2015-05-22 09:47:32 -04:00
Stan Hu
ff15447f3a Support delete method for Redis 2015-03-15 12:13:44 -07:00
Aaron Suggs
b0bf74f9d9 Fix test assertion 2015-01-27 16:18:55 -05:00
Genadi Samokovarov
d9a5587676 Allow throttle period option to be a proc 
I need to filter requests on a period I need to get dynamically out of
information I have in the requests. Currently, I can work out the limit,
as it can be a `Proc`, however I can't do that with the period.

This PR adds support for that. Tried to do it in a way that doesn't
brake backwards compatibility, as periods are coerced to numbers during
`Rack::Throttle` initialization.
 2014-09-19 19:32:39 +02:00
Paul Coates
e8d98a7ad3 Changed track checker to track filter. Made track filter tests more clear. 2014-05-22 10:11:23 -07:00
Paul Coates
1ebe1c3517 Added limit and period options to track. Delegates [] to Throttle if they are present otherwise Check. 2014-05-19 11:11:01 -07:00
blahed
97dce48bfc add throttle discriminator to rack env 2014-05-01 22:20:13 -04:00
Aaron Suggs
833e1e937d Integration tests: use 127.0.0.1 instead of localhost 2014-04-25 13:19:22 -05:00
hakanensari
5ff5bf44ba Don't memoize in test 
I don’t think this has any side effect, but still…
 2014-04-17 18:21:13 +01:00
hakanensari
5d72c6e5f9 Move individual proxy classes to separate files 2014-04-15 16:19:43 +01:00
hakanensari
bf40123c04 Move offline case to separate file 2014-04-15 16:17:27 +01:00
hakanensari
f0a53f474e Stub #with on delegator 2014-04-09 13:15:00 +01:00
hakanensari
937cd3ca20 Merge branch 'master' into patch-3 2014-04-09 12:17:10 +01:00
hakanensari
1c0bc3da4d Merge branch 'patch-2' into patch-3 
Conflicts:
	lib/rack/attack/store_proxy.rb
 2014-04-09 12:16:16 +01:00
Tristan Dunn
16f1cfc578 Add a custom request class to allow for helper methods. 
Fixes #58.
 2014-04-04 14:41:59 -05:00
hakanensari
128c5aa9bf Support a Dalli Connection Pool 2014-04-01 12:10:32 +01:00
hakanensari
adab844784 Support older dalli client versions 2014-04-01 11:21:14 +01:00
hakanensari
a7ec48fb44 Implement Proxy for Dalli 
kickstarter/rack-attack#52
 2014-03-26 21:54:12 +00:00
Aaron Suggs
671f3d4c40 [travisci] Fix Errno::ENETUNREACH errors in redis integration tests 2014-03-15 14:51:15 -04:00
Aaron Suggs
2a7ae7d84d Integration tests: less flakiness by sleeping more 2014-03-15 14:41:50 -04:00
Aaron Suggs
cabadf3dc0 Better organize integration tests 
Add rake tasks `test:units` and `test:integration`

Run integration tests by default on TravisCi.
Run memcached and redis on TravisCi.
 2014-03-15 14:21:37 -04:00
Will Kimeria
87f628d0c1 If redis client throws exception, don't raise it 
For throttling, when the redis client throws an exception, the request
ends up getting rate limited. Modify this to be similar to how
ActiveSupport.MemCacheStore functions (the read, write and increment
methods do not raise exceptions)
 2014-03-14 11:50:59 -07:00
Carsten Zimmermann
1095f85242 Change response body to 'Forbidden' 2014-02-06 23:29:44 +01:00
Carsten Zimmermann
97a43f7e66 Return 403 Forbidden instead of 401 
401 Unauthorized suggests that the requests can be
retried with appropriate credentials. 403 explicitly
states that the request should not be repeated.

See #41
 2014-02-06 21:32:51 +01:00
Aaron Suggs
c42e035f62 specs: fix MiniTest typo for older ruby versions 2013-10-09 15:31:52 -04:00
Jordan Moncharmont
273e045f10 fix edge case, if maxretry is 1, let them get 1 request in 2013-09-27 17:35:01 -07:00
Jordan Moncharmont
ef59c5182a Allow2Ban 
An alternate to fail2ban that allows clients until they hit the
thresholds, then blocks them.  Think of it like a throttle where you can
block for more than one period.
 2013-09-27 17:18:52 -07:00
Aaron Suggs
1d367f5acd version 2.3.0, update changelog, copy tweaks 2013-08-20 11:39:44 -04:00
Pedro Nascimento
ab6d7b239d Allow limit option to be a proc. 
This allows you to do stuff like:
`req.env["USER"] == "god" ? 1000 : 1`
 2013-08-19 19:47:48 -03:00
Alex Volkovitsky & Sachin Maharjan
f348643c24 Fix spec expectations 2013-06-28 13:59:31 -07:00
Aaron Suggs
24143dd195 Cleanup whitespace 2013-06-20 10:19:56 -04:00
madlep
2819e0d7a4 collapse fail2ban name/discriminator into one argument 2013-06-17 08:50:39 +10:00
madlep
baffa83687 spec for Fail2Ban 2013-06-14 15:37:02 +10:00
madlep
6c259ea9be delegate Redis custom logic to StoreProxy 
this removes ugly `if redis blah` code from cache
 2013-06-12 15:03:39 +10:00
madlep
22fc386bad add read/write methods to cache 2013-06-12 15:03:24 +10:00
Vipul A M
384892ce4c Make debugger dependency only for ruby platforms 2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed Remove debugger dependency, as it isn't used 2013-05-06 11:53:58 +05:30
Aaron Suggs
ecec8576ae Show some minitest pride 2013-03-04 21:06:53 -05:00
Aaron Suggs
cf508e1d18 Support RedisStore as cache store 
Add tests for different cache stores
 2013-02-25 12:09:59 -05:00
Aaron Suggs
80367e1e4a Add Rack::Attack.track. 
track will fire notifications, but not alter request processing
 2013-01-10 19:02:49 -05:00
Aaron Suggs
e7aa5f4abe Use rotating cache keys for throttle (instead of expiring) 
Throttles use a cache key with a timestamp (Time.now.to_i/period), so a
new cache key is used for each period.

No longer set an explicit expiry on each cache key (though it may
inherit a default expiry from the cache store).

Also, set env['rack.attack.throttle_data'] with info about incremented
(but not necessarily exceeded) throttles.
 2012-08-08 14:59:42 -04:00
Aaron Suggs
8e59e84e00 Response header values must be strings 2012-08-02 12:15:16 -04:00
Aaron Suggs
ccdc1f993a Change instrumentation API for simpler notifications 2012-07-30 15:44:22 -04:00
Aaron Suggs
61a046a203 Cleanup instrumentation interface 2012-07-30 09:34:30 -04:00
Aaron Suggs
c90a0182eb Allow custom responses based on env 2012-07-28 19:51:24 -04:00
Aaron Suggs
dc2e402812 Initial working version 2012-07-27 17:40:11 -04:00
Aaron Suggs
e166e87fb9 Add throttle support 2012-07-27 17:22:49 -04:00
Aaron Suggs
9284a08cc3 Whitelists support 2012-07-26 17:29:09 -04:00
Aaron Suggs
7fab5df499 WIP 2012-07-24 19:59:46 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00