Aaron Suggs
4ec58e36de
Version v4.3.1
2015-12-18 11:43:14 -05:00
Aaron Suggs
76c2e31430
Normalize request paths when using Rails' ActionDispatch
...
The issue
---
When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.
Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.
E.g., a throttle:
    throttle('logins', ...) {|req| req.path == "/login" }
would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.
The solution
---
This patch checks whether ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.
If it's not loaded, the request path is not modified.
Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
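Added example (not code from rack-attack, Rails, or this commit): a stand-alone sketch of the mismatch the commit message above describes, showing a throttle keyed on `req.path == "/login"` with and without path normalization. `Request`, `LoginThrottle`, `run` and this `normalize_path` are hypothetical names; the normalizer is a simplified stand-in for the one ActionDispatch provides.

```ruby
# Added illustration; all names here are hypothetical, not rack-attack's API.
Request = Struct.new(:ip, :path)

# Simplified stand-in for framework path normalization (assumption):
# ensure a leading slash, collapse repeated slashes, drop trailing slashes.
def normalize_path(path)
  normalized = "/#{path}".squeeze("/").sub(%r{/+\z}, "")
  normalized.empty? ? "/" : normalized
end

# Minimal per-IP counter standing in for a throttle. The matcher is the
# comparison quoted in the commit message: req.path == "/login".
class LoginThrottle
  def initialize(limit:, normalize:)
    @limit = limit
    @normalize = normalize
    @counts = Hash.new(0)
  end

  # Returns :unmatched, :counted or :throttled for one request.
  def check(req)
    path = @normalize ? normalize_path(req.path) : req.path
    return :unmatched unless path == "/login"

    @counts[req.ip] += 1
    @counts[req.ip] > @limit ? :throttled : :counted
  end
end

# Constructed sample traffic: one client, five requests that the application
# would route to the same login action.
SAMPLE_PATHS = ["/login", "/login/", "/login/", "/login", "/login/"].freeze

def run(normalize:)
  throttle = LoginThrottle.new(limit: 2, normalize: normalize)
  SAMPLE_PATHS.map { |p| throttle.check(Request.new("203.0.113.7", p)) }
end

if __FILE__ == $PROGRAM_NAME
  puts "raw path:        #{run(normalize: false).inspect}"
  puts "normalized path: #{run(normalize: true).inspect}"
end
```

With the raw path, three of the five requests are never counted and the limit of 2 is never exceeded; with normalization, all five are counted and the last three are throttled.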
Aaron Suggs
bbf8a488ab
Merge pull request #155 from ktheory/guard-testing
...
Development testing improvements with guard and pry
2015-12-18 09:29:35 -05:00
Aaron Suggs
2b75edacfd
Merge pull request #149 from watsonbox/readme-scoping-fail2ban
...
Add note to README.md about scoping of Fail2Ban filters
2015-12-18 09:00:03 -05:00
Aaron Suggs
11faea4526
specs: use pry instead of debugger
2015-12-18 08:55:09 -05:00
Aaron Suggs
bd27009f43
Add Guard testing support
...
While developing rack-attack, run tests continuously with `bundle exec
guard`
2015-12-18 08:54:19 -05:00
Aaron Suggs
6789b28c7b
Merge pull request #152 from ktheory/readme-ipv6-localhost
...
README: add ipv6 example
2015-11-30 10:09:42 -06:00
Aaron Suggs
b32148e0be
README: add ipv6 example
...
Per #151
2015-11-30 10:52:15 -05:00
Aaron Suggs
a937df3789
Merge pull request #148 from pisaacs/pisaacs-update-travis-ruby-patch-2-1-7
...
Test ruby 2.1.7
2015-11-20 19:30:49 -05:00
Aaron Suggs
8d2dbf3400
Merge pull request #150 from ktheory/drop-ruby-1.9
...
Remove support for ruby 1.9
2015-11-20 14:44:26 -05:00
Aaron Suggs
40213a4749
Update CHANGELOG: drop ruby 1.9 support
2015-11-20 12:39:10 -05:00
Aaron Suggs
558dc3555c
Merge pull request #144 from jamesprior/patch-1
...
Updating the readme
2015-11-09 08:59:51 -05:00
Howard Wilson
4d5e859a12
Add note to README.md about scoping of Fail2Ban filters
2015-11-09 13:43:50 +01:00
pisaacs
a8d124568d
Test ruby 2.1.7
2015-11-07 22:46:39 -05:00
Aaron Suggs
ad1cb68daf
Merge pull request #147 from pisaacs/pisaacs-update-travis-ruby-patch
...
Test ruby 2.2.3
2015-11-07 21:56:21 -05:00
pisaacs
31d095a6ae
Merge pull request #1 from pisaacs/pisaacs-update-travis-ruby-patch
...
Test ruby 2.2.3
2015-11-07 19:09:53 -05:00
pisaacs
6ea21a3544
Test ruby 2.2.3
2015-11-07 18:51:40 -05:00
Aaron Suggs
2b14a1528b
Remove support for ruby 1.9
2015-11-06 10:32:14 -05:00
jamesprior
6d787147db
Updating readme
...
Setting up example for multiple filter support, adding note to documentation
2015-11-06 10:01:54 -05:00
jamesprior
c8f8f85af2
Updating the readme
...
- Notes that the rails cache is also used for fail2ban
- Notes that all fail2ban filters use the same cache for counting and banning
- Expands sample fail2ban filter example to include more matches
2015-10-23 15:57:04 -04:00
Aaron Suggs
b631398957
Merge pull request #137 from ferdinandrosario/ferdinandrosario-patch-1
...
updated ruby patch version
2015-07-22 07:20:59 -04:00
ferdinand
a6ae7e574a
updated ruby patch version
2015-07-22 11:59:22 +05:30
Aaron Suggs
899c00ebe2
Merge pull request #135 from zmillman/patch-1
...
Update code of conduct for tone
2015-07-09 00:14:13 -04:00
Zach Millman
ac674d082a
Addendum to prev. commit
2015-07-08 13:38:22 -07:00
Zach Millman
cda4b591f8
Better enforcement subhead on code of conduct
2015-07-08 13:37:31 -07:00
Zach Millman
951d854fa6
Update code of conduct for tone
...
Subheadings, emoji, and assorted copy tweaks to more closely match project documentation writing style
2015-07-08 10:11:19 -07:00
Aaron Suggs
b917cb81eb
Merge pull request #134 from kickstarter/coc
...
Add Code of Conduct
2015-07-08 09:34:56 -04:00
Aaron Suggs
85968904ee
Add Code of Conduct
...
From Contributor Covenant: http://contributor-covenant.org
2015-07-07 14:27:10 -04:00
Aaron Suggs
ab0d17c3ef
rake: add bundler/gem_tasks
2015-05-22 15:10:34 -04:00
Aaron Suggs
1981b38063
[travis] Test activesupport 4.2
2015-05-22 14:29:08 -04:00
Aaron Suggs
3aee014a8c
[travis] Test ruby 2.2.2
2015-05-22 13:49:32 -04:00
Aaron Suggs
64fe10f64e
Clarifying comments for #delete spec method
2015-05-22 13:48:32 -04:00
Aaron Suggs
b29a7a89de
Update CHANGELOG for release
2015-05-22 13:48:15 -04:00
Aaron Suggs
f0941a225b
Merge pull request #128 from stanhu/support-reset-throttles
...
Provide the ability to reset Fail2Ban count and ban flag
2015-05-22 13:43:28 -04:00
Stan Hu
91947b83a4
Support the ability to reset Fail2Ban count and ban flag
...
Closes #113
2015-05-22 09:47:32 -04:00
Aaron Suggs
919976cb64
Merge pull request #129 from HayleyCAnderson/master
...
Fix typos in README
2015-05-14 13:43:48 -04:00
Hayley Anderson
e1e315181a
Fix typos
...
* Change "you Gemfile" to "your Gemfile"
* Change "config/initalizers" to "config/initializers"
2015-05-13 11:30:25 -04:00
Aaron Suggs
e25ab0a313
Merge pull request #124 from jasl/patch-1
...
Update README.md
2015-04-18 21:58:33 -04:00
Jun Jiang
0b3c638409
Update README.md
2015-04-19 06:14:03 +08:00
Aaron Suggs
3e0fcc24a4
Update changelog
2015-04-16 14:14:55 -04:00
Aaron Suggs
0ec73d956b
Merge pull request #119 from stanhu/add-delete-interface
...
Support delete method for Redis
2015-04-16 14:11:58 -04:00
Aaron Suggs
1dd29f66b8
Update changelog for #118 ; bump to v4.3.0
2015-04-16 14:06:46 -04:00
Aaron Suggs
7dd9a9dd8a
Merge pull request #118 from stanhu/fix-redis-write-options
...
Pass `raw: true` to prevent Ruby de/serialization. This is to make it po...
2015-04-16 13:54:17 -04:00
Stan Hu
ff15447f3a
Support delete method for Redis
2015-03-15 12:13:44 -07:00
Stan Hu
dc1b6bf687
Pass raw: true to prevent Ruby de/serialization. This is to make it possible
...
to implement something like:
```store.write(key, 0, :expires_in => expires_in)```
See #113
2015-03-15 07:18:18 -07:00
Aaron Suggs
efdef7f45c
Merge branch 'lucaspinto-master'
...
Fixes #117
2015-03-06 15:48:42 -05:00
Aaron Suggs
77d0493bc4
README: link to Rack::Request documentation
2015-03-06 15:47:32 -05:00
Lucas "medk" Pinto
5fbe7de686
Change Rack::Request URL in the README
2015-03-06 13:37:33 +01:00
Aaron Suggs
b0bf74f9d9
Fix test assertion
2015-01-27 16:18:55 -05:00
Aaron Suggs
0c0e6a6e85
Merge pull request #104 from dlackty/patch-1
...
Update changelog for 4.2.0
2014-11-21 10:03:59 -05:00