sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-26 09:35:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
152 commits 1 branch 0 tags 1.1 MiB
Commit graph

50 commits

Author SHA1 Message Date
Aaron Suggs
7c6cead69c Version 3.0.0; update changelog 2014-03-15 08:01:55 -04:00
Will Kimeria
87f628d0c1 If redis client throws exception, don't raise it 
For throttling, when the redis client throws an exception, the request
ends up getting rate limited. Modify this to be similar to how
ActiveSupport.MemCacheStore functions (the read, write and increment
methods do not raise exceptions)
 2014-03-14 11:50:59 -07:00
Carsten Zimmermann
1095f85242 Change response body to 'Forbidden' 2014-02-06 23:29:44 +01:00
Carsten Zimmermann
97a43f7e66 Return 403 Forbidden instead of 401 
401 Unauthorized suggests that the requests can be
retried with appropriate credentials. 403 explicitly
states that the request should not be repeated.

See #41
 2014-02-06 21:32:51 +01:00
Jordan Moncharmont
273e045f10 fix edge case, if maxretry is 1, let them get 1 request in 2013-09-27 17:35:01 -07:00
Jordan Moncharmont
ef59c5182a Allow2Ban 
An alternate to fail2ban that allows clients until they hit the
thresholds, then blocks them.  Think of it like a throttle where you can
block for more than one period.
 2013-09-27 17:18:52 -07:00
Aaron Suggs
1d367f5acd version 2.3.0, update changelog, copy tweaks 2013-08-20 11:39:44 -04:00
Pedro Nascimento
ab6d7b239d Allow limit option to be a proc. 
This allows you to do stuff like:
`req.env["USER"] == "god" ? 1000 : 1`
 2013-08-19 19:47:48 -03:00
Aaron Suggs
98eec24a8c Update changelog, version 2.2.1 2013-08-05 21:14:16 -04:00
Alex Volkovitsky & Sachin Maharjan
cfbee2c552 Use correct HTTP status codes for blackist and throttle 2013-06-28 10:55:28 -07:00
Aaron Suggs
9388e98eb0 version 2.2.0 2013-06-20 11:05:00 -04:00
Aaron Suggs
24143dd195 Cleanup whitespace 2013-06-20 10:19:56 -04:00
madlep
2819e0d7a4 collapse fail2ban name/discriminator into one argument 2013-06-17 08:50:39 +10:00
madlep
94a304b815 reorder logic to not repeatedly extend ban after more failed requests 2013-06-14 12:49:53 +10:00
madlep
3f1c98a868 Fail2Ban helper 
based on gist from @ktheory https://gist.github.com/ktheory/5723534

Modified slightly to use fail2ban `filter` terminology to simplify
Rack::Attack initializer configuration (only one block is requred for
this approach instead of 2)
 2013-06-12 15:51:13 +10:00
madlep
6c259ea9be delegate Redis custom logic to StoreProxy 
this removes ugly `if redis blah` code from cache
 2013-06-12 15:03:39 +10:00
madlep
22fc386bad add read/write methods to cache 2013-06-12 15:03:24 +10:00
Aaron Suggs
d1cf2a2eea bump to version 2.1.1 2013-05-16 14:24:41 -04:00
Han Chang
2a91eb6c55 Fix #14 2013-05-10 22:08:31 +00:00
Aaron Suggs
22f051fa2d Merge pull request #10 from vipulnsward/mandatory_options 
extract mandatory options constant
 2013-05-03 07:41:02 -07:00
Vipul A M
7f3a24022b extract mandatory options constant 2013-05-03 09:25:43 +05:30
Vipul A M
709a2331c0 Remove unused var 2013-05-03 09:19:09 +05:30
Vipul A M
d3a9667474 Fix typos 2013-05-03 00:55:23 +05:30
Aaron Suggs
917d47758e Add newlines to default responses 2013-03-04 21:06:15 -05:00
Aaron Suggs
1c01e6097c bump to version 2.1.0 2013-02-25 22:39:11 -05:00
Aaron Suggs
cf508e1d18 Support RedisStore as cache store 
Add tests for different cache stores
 2013-02-25 12:09:59 -05:00
Aaron Suggs
27a13f6971 Clarify algorithm 2013-01-17 12:06:16 -05:00
Aaron Suggs
0ca7b8cfac whitespace 2013-01-17 12:06:16 -05:00
Aaron Suggs
3bcb453464 Version 2.0.0 2013-01-11 14:41:27 -05:00
Aaron Suggs
b577dae1c0 use each_value instead of each 2013-01-11 14:32:20 -05:00
Aaron Suggs
80367e1e4a Add Rack::Attack.track. 
track will fire notifications, but not alter request processing
 2013-01-10 19:02:49 -05:00
Aaron Suggs
eeb238b78d Use autoload instead of require 2013-01-10 18:36:31 -05:00
Aaron Suggs
5b864ca3d1 version bump 1.3.2 2012-08-15 18:16:12 -04:00
Aaron Suggs
f7a1eac521 Cache key time must be a fixnum 2012-08-15 18:16:12 -04:00
Aaron Suggs
853c9ceef3 Set :expires_in on throttle cache counters 
Should reduce memcached evictions
 2012-08-09 11:05:30 -04:00
Aaron Suggs
e7aa5f4abe Use rotating cache keys for throttle (instead of expiring) 
Throttles use a cache key with a timestamp (Time.now.to_i/period), so a
new cache key is used for each period.

No longer set an explicit expiry on each cache key (though it may
inherit a default expiry from the cache store).

Also, set env['rack.attack.throttle_data'] with info about incremented
(but not necessarily exceeded) throttles.
 2012-08-08 14:59:42 -04:00
Aaron Suggs
6784f21612 Better cache interface 2012-08-06 14:16:08 -04:00
Aaron Suggs
9c4dccac48 Make cache & notifier attr_accessors 
Easier config for non-rails apps
 2012-08-06 12:17:31 -04:00
Aaron Suggs
d50e779cdc version 1.0.0 2012-08-02 12:15:40 -04:00
Aaron Suggs
8e59e84e00 Response header values must be strings 2012-08-02 12:15:16 -04:00
Aaron Suggs
ccdc1f993a Change instrumentation API for simpler notifications 2012-07-30 15:44:22 -04:00
Aaron Suggs
61a046a203 Cleanup instrumentation interface 2012-07-30 09:34:30 -04:00
Aaron Suggs
cf49b00c00 DRY up initial values 2012-07-28 22:09:56 -04:00
Aaron Suggs
c90a0182eb Allow custom responses based on env 2012-07-28 19:51:24 -04:00
Aaron Suggs
dc2e402812 Initial working version 2012-07-27 17:40:11 -04:00
Aaron Suggs
e166e87fb9 Add throttle support 2012-07-27 17:22:49 -04:00
Aaron Suggs
c22c33f9ec add rake 2012-07-27 09:56:15 -04:00
Aaron Suggs
9284a08cc3 Whitelists support 2012-07-26 17:29:09 -04:00
Aaron Suggs
7fab5df499 WIP 2012-07-24 19:59:46 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00