sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-25 09:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
301 commits 1 branch 0 tags 1.1 MiB
Commit graph

301 commits

This branch
This branch
All branches
Author SHA1 Message Date
Renée Hendricksen
c3ccb6f641 working Travis CI tests 2016-07-01 18:22:21 -04:00
Aaron Suggs
3bbf9b0b5b Copyright Kickstarter, PBC 2016-05-18 06:27:47 -04:00
Aaron Suggs
58924168cc update changelog for v4.4.1 2016-02-17 09:50:43 -05:00
Aaron Suggs
63ee77911e Merge pull request #165 from kickstarter/fix-dalli-dependency 
Refactor StoreProxy to avoid autoloading MemCacheStore
 2016-02-17 09:45:31 -05:00
Aaron Suggs
cf89457ced bump v4.4.1 2016-02-16 17:37:59 -05:00
Aaron Suggs
9d90610bbe Refactor StoreProxy to avoid autoloading MemCacheStore 
In v4.4.0, checking `defined?(ActiveSupport::Cache::MemCacheStore)`
could trigger an error loading dalli, which isn’t needed.

This fixes that bug, and prevents similar bugs by checking
`store.class.to_s` rather than `defined?(klass) && store.is_a?(klass)`.

Writing an automated test to ensure that dalli is truly optional is
difficult, but I was able to recreate the dalli load error in v4.4.0 by
running:

    gem uninstall dalli
    ruby -Ilib -ractive_support/all -ractive_support/cache/redis_store
-rrack/attack -e 'p Rack::Attack::StoreProxy.build(Redis::Store.new)'

Fixes #163
 2016-02-16 16:59:24 -05:00
Aaron Suggs
14c7020242 Fix typo in changelog 2016-02-10 15:35:40 -05:00
Aaron Suggs
d8b9e2f111 v4.4.0 
Update changelog
 2016-02-10 15:05:43 -05:00
Aaron Suggs
d65796bfc0 Merge pull request #153 from elhu/master 
feature: support for ActiveSupport::MemCacheStore
 2016-02-08 13:59:14 -05:00
Vincent Boisard
585d1fd02c Revert "refactor unwieldy Rack::Attack::StoreProxy.build method" 
This reverts commit 8d124d868e.
 2016-01-12 11:45:44 +01:00
Aaron Suggs
18147e244e Merge pull request #158 from fighterleslie/typoFix 
Fix typo in README.md
 2016-01-08 09:46:56 -05:00
Leslie Zhang
7af55447cc Fix typo in README.md 2016-01-08 15:33:44 +08:00
Vincent Boisard
c34bace773 style: remove extraneous whitespace 2016-01-07 22:45:11 +01:00
Vincent Boisard
8d124d868e refactor unwieldy Rack::Attack::StoreProxy.build method 2016-01-07 21:16:35 +01:00
Vincent Boisard
ba9f2c3be6 fix: move dev depencies to gemspec 2016-01-07 21:00:36 +01:00
Vincent Boisard
32df84df54 fix: check whether client class is defined before checking client itself 2015-12-29 10:19:13 +01:00
Vincent Boisard
297ef4a2ae Merge branch 'master' of github.com:kickstarter/rack-attack 2015-12-29 10:10:36 +01:00
Aaron Suggs
d911a89b5c Merge pull request #157 from ktheory/fix-appraisals 
Fix Appraisals & gemfile tests
 2015-12-21 14:17:48 -05:00
Aaron Suggs
57f513e1e9 Fix Appraisals & gemfile tests 
The gemfiles had drifted from the Appraisals file from which they’re
generated.
 2015-12-21 09:34:21 -05:00
Aaron Suggs
4ec58e36de Version v4.3.1 2015-12-18 11:43:14 -05:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch 
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
 2015-12-18 11:12:11 -05:00
Aaron Suggs
bbf8a488ab Merge pull request #155 from ktheory/guard-testing 
Development testing improvements with guard and pry
 2015-12-18 09:29:35 -05:00
Aaron Suggs
2b75edacfd Merge pull request #149 from watsonbox/readme-scoping-fail2ban 
Add note to README.md about scoping of Fail2Ban filters
 2015-12-18 09:00:03 -05:00
Aaron Suggs
11faea4526 specs: use pry instead of debugger 2015-12-18 08:55:09 -05:00
Aaron Suggs
bd27009f43 Add Guard testing support 
While developing rack-attack, run tests continuously with `bundle exec
guard`
 2015-12-18 08:54:19 -05:00
Vincent Boisard
d880bd88e0 fix: workaround MemCacheClient + MemCache backend by using a dedicated proxy 2015-12-16 16:57:54 +01:00
Vincent Boisard
faa0638719 fix: Do not attempt to process Memcache clients with DalliProxy 2015-12-08 18:55:06 +01:00
Vincent Boisard
397a7ce7b4 feature: support for ActiveSupport::MemCacheStore 2015-12-08 10:53:53 +01:00
Aaron Suggs
6789b28c7b Merge pull request #152 from ktheory/readme-ipv6-localhost 
README: add ipv6 example
 2015-11-30 10:09:42 -06:00
Aaron Suggs
b32148e0be README: add ipv6 example 
Per #151
 2015-11-30 10:52:15 -05:00
Aaron Suggs
a937df3789 Merge pull request #148 from pisaacs/pisaacs-update-travis-ruby-patch-2-1-7 
Test ruby 2.1.7
 2015-11-20 19:30:49 -05:00
Aaron Suggs
8d2dbf3400 Merge pull request #150 from ktheory/drop-ruby-1.9 
Remove support for ruby 1.9
 2015-11-20 14:44:26 -05:00
Aaron Suggs
40213a4749 Update CHANGELOG: drop ruby 1.9 support 2015-11-20 12:39:10 -05:00
Aaron Suggs
558dc3555c Merge pull request #144 from jamesprior/patch-1 
Updating the readme
 2015-11-09 08:59:51 -05:00
Howard Wilson
4d5e859a12 Add note to README.md about scoping of Fail2Ban filters 2015-11-09 13:43:50 +01:00
pisaacs
a8d124568d Test ruby 2.1.7 2015-11-07 22:46:39 -05:00
Aaron Suggs
ad1cb68daf Merge pull request #147 from pisaacs/pisaacs-update-travis-ruby-patch 
Test ruby 2.2.3
 2015-11-07 21:56:21 -05:00
pisaacs
31d095a6ae Merge pull request #1 from pisaacs/pisaacs-update-travis-ruby-patch 
Test ruby 2.2.3
 2015-11-07 19:09:53 -05:00
pisaacs
6ea21a3544 Test ruby 2.2.3 2015-11-07 18:51:40 -05:00
Aaron Suggs
2b14a1528b Remove support for ruby 1.9 2015-11-06 10:32:14 -05:00
jamesprior
6d787147db Updating readme 
Setting up example for multiple filter support, adding note to documentation
 2015-11-06 10:01:54 -05:00
jamesprior
c8f8f85af2 Updating the readme 
- Notes that the rails cache is also used for fail2ban
- Notes that all fail2ban filters use the same cache for counting and banning
- Expands sample fail2ban filter example to include more matches
 2015-10-23 15:57:04 -04:00
Aaron Suggs
b631398957 Merge pull request #137 from ferdinandrosario/ferdinandrosario-patch-1 
updated ruby patch version
 2015-07-22 07:20:59 -04:00
ferdinand
a6ae7e574a updated ruby patch version 2015-07-22 11:59:22 +05:30
Aaron Suggs
899c00ebe2 Merge pull request #135 from zmillman/patch-1 
Update code of conduct for tone
 2015-07-09 00:14:13 -04:00
Zach Millman
ac674d082a Addendum to prev. commit 2015-07-08 13:38:22 -07:00
Zach Millman
cda4b591f8 Better enforcement subhead on code of conduct 2015-07-08 13:37:31 -07:00
Zach Millman
951d854fa6 Update code of conduct for tone 
Subheadings, emoji, and assorted copy tweaks to more closely match project documentation writing style
 2015-07-08 10:11:19 -07:00
Aaron Suggs
b917cb81eb Merge pull request #134 from kickstarter/coc 
Add Code of Conduct
 2015-07-08 09:34:56 -04:00
Aaron Suggs
85968904ee Add Code of Conduct 
From Contributor Covenant: http://contributor-covenant.org
 2015-07-07 14:27:10 -04:00