Commit graph

317 commits

Author SHA1 Message Date
Aaron Suggs
ff22014a03 [tests] Fix gotcha with new activesupport redis versions
This fixes the error:

    uninitialized constant ActiveSupport::VERSION

when loading active_support/cache/redis_store
2016-07-11 15:23:06 -04:00
Aaron Suggs
e3dfd0dd1c Merge pull request #186 from kickstarter/rails5
Add tests for ActiveSupport 5.0
2016-07-05 15:07:59 -04:00
Aaron Suggs
8a6e1e6c03 Add tests for ActiveSupport 5.0 2016-07-05 14:27:49 -04:00
Aaron Suggs
e5e3ead0a5 Merge pull request #185 from ktheory/gemfile-tweaks
Remove ruby2.0 exceptions from gemfiles
2016-07-05 11:33:45 -04:00
Aaron Suggs
ac4975e692 Remove ruby2.0 exceptions from gemfiles
..since I stopped testing it in #184
2016-07-04 22:46:54 -04:00
Aaron Suggs
eb987a1caf Update changelog for v5.0.0.beta1 2016-07-04 22:33:55 -04:00
Aaron Suggs
f9a67202e4 Merge pull request #183 from ktheory/v5.0-prep
More safelist/blocklist refactoring
2016-07-04 22:28:11 -04:00
Aaron Suggs
1bc85fa139 Merge pull request #184 from ktheory/travis-modern-rubies
Drop tests for ruby 2.0.
2016-07-04 22:27:50 -04:00
Aaron Suggs
f6762dfc63 Drop test coverage for activesupport 3.2/4.0; dalli 1.1
They’re EOL, and the tests are a pain to maintain.
2016-07-04 22:12:55 -04:00
Aaron Suggs
eb9331fb8c whitespace 2016-07-04 21:42:44 -04:00
Aaron Suggs
e8433f7693 Bump to version v5.0.0.beta1 2016-07-04 21:42:44 -04:00
Aaron Suggs
f5f08d56e5 More safelist/blocklist refactoring
- Add Rack::Attack namespace to deprecation warning.
- Add deprecated Rack::Attack.blacklisted_response attr methods.
2016-07-04 21:42:41 -04:00
Aaron Suggs
118d0afe26 Drop tests for ruby 2.0.
It’s EOL, so we’re not supporting it anymore.
2016-07-04 21:35:05 -04:00
Aaron Suggs
4f462c33dc Merge pull request #181 from renee-travisci/language_change_suggestion
Rename blacklist/whitelist to blocklist/safelist.
2016-07-04 21:08:18 -04:00
Renée Hendricksen
e1a0c804e1 suggesting changing whitelist/blacklist language to less controversial safelist/blocklist language
add deprecation warnings

fix the method signatures
2016-07-01 21:44:45 -04:00
Aaron Suggs
e20c628460 Merge pull request #182 from renee-travisci/fix_master_tests
Fix master tests
2016-07-01 21:33:15 -04:00
Renée Hendricksen
c3ccb6f641 working Travis CI tests 2016-07-01 18:22:21 -04:00
Aaron Suggs
3bbf9b0b5b Copyright Kickstarter, PBC 2016-05-18 06:27:47 -04:00
Aaron Suggs
58924168cc update changelog for v4.4.1 2016-02-17 09:50:43 -05:00
Aaron Suggs
63ee77911e Merge pull request #165 from kickstarter/fix-dalli-dependency
Refactor StoreProxy to avoid autoloading MemCacheStore
2016-02-17 09:45:31 -05:00
Aaron Suggs
cf89457ced bump v4.4.1 2016-02-16 17:37:59 -05:00
Aaron Suggs
9d90610bbe Refactor StoreProxy to avoid autoloading MemCacheStore
In v4.4.0, checking `defined?(ActiveSupport::Cache::MemCacheStore)`
could trigger an error loading dalli, which isn’t needed.

This fixes that bug, and prevents similar bugs by checking
`store.class.to_s` rather than `defined?(klass) && store.is_a?(klass)`.

Writing an automated test to ensure that dalli is truly optional is
difficult, but I was able to recreate the dalli load error in v4.4.0 by
running:

    gem uninstall dalli
    ruby -Ilib -ractive_support/all -ractive_support/cache/redis_store \
      -rrack/attack -e 'p Rack::Attack::StoreProxy.build(Redis::Store.new)'

Fixes #163
2016-02-16 16:59:24 -05:00
Aaron Suggs
14c7020242 Fix typo in changelog 2016-02-10 15:35:40 -05:00
Aaron Suggs
d8b9e2f111 v4.4.0
Update changelog
2016-02-10 15:05:43 -05:00
Aaron Suggs
d65796bfc0 Merge pull request #153 from elhu/master
feature: support for ActiveSupport::MemCacheStore
2016-02-08 13:59:14 -05:00
Vincent Boisard
585d1fd02c Revert "refactor unwieldy Rack::Attack::StoreProxy.build method"
This reverts commit 8d124d868e.
2016-01-12 11:45:44 +01:00
Aaron Suggs
18147e244e Merge pull request #158 from fighterleslie/typoFix
Fix typo in README.md
2016-01-08 09:46:56 -05:00
Leslie Zhang
7af55447cc Fix typo in README.md 2016-01-08 15:33:44 +08:00
Vincent Boisard
c34bace773 style: remove extraneous whitespace 2016-01-07 22:45:11 +01:00
Vincent Boisard
8d124d868e refactor unwieldy Rack::Attack::StoreProxy.build method 2016-01-07 21:16:35 +01:00
Vincent Boisard
ba9f2c3be6 fix: move dev dependencies to gemspec 2016-01-07 21:00:36 +01:00
Vincent Boisard
32df84df54 fix: check whether client class is defined before checking client itself 2015-12-29 10:19:13 +01:00
Vincent Boisard
297ef4a2ae Merge branch 'master' of github.com:kickstarter/rack-attack 2015-12-29 10:10:36 +01:00
Aaron Suggs
d911a89b5c Merge pull request #157 from ktheory/fix-appraisals
Fix Appraisals & gemfile tests
2015-12-21 14:17:48 -05:00
Aaron Suggs
57f513e1e9 Fix Appraisals & gemfile tests
The gemfiles had drifted from the Appraisals file from which they’re
generated.
2015-12-21 09:34:21 -05:00
Aaron Suggs
4ec58e36de Version v4.3.1 2015-12-18 11:43:14 -05:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
Aaron Suggs
bbf8a488ab Merge pull request #155 from ktheory/guard-testing
Development testing improvements with guard and pry
2015-12-18 09:29:35 -05:00
Aaron Suggs
2b75edacfd Merge pull request #149 from watsonbox/readme-scoping-fail2ban
Add note to README.md about scoping of Fail2Ban filters
2015-12-18 09:00:03 -05:00
Aaron Suggs
11faea4526 specs: use pry instead of debugger 2015-12-18 08:55:09 -05:00
Aaron Suggs
bd27009f43 Add Guard testing support
While developing rack-attack, run tests continuously with `bundle exec
guard`
2015-12-18 08:54:19 -05:00
Vincent Boisard
d880bd88e0 fix: workaround MemCacheClient + MemCache backend by using a dedicated proxy 2015-12-16 16:57:54 +01:00
Vincent Boisard
faa0638719 fix: Do not attempt to process Memcache clients with DalliProxy 2015-12-08 18:55:06 +01:00
Vincent Boisard
397a7ce7b4 feature: support for ActiveSupport::MemCacheStore 2015-12-08 10:53:53 +01:00
Aaron Suggs
6789b28c7b Merge pull request #152 from ktheory/readme-ipv6-localhost
README: add ipv6 example
2015-11-30 10:09:42 -06:00
Aaron Suggs
b32148e0be README: add ipv6 example
Per #151
2015-11-30 10:52:15 -05:00
Aaron Suggs
a937df3789 Merge pull request #148 from pisaacs/pisaacs-update-travis-ruby-patch-2-1-7
Test ruby 2.1.7
2015-11-20 19:30:49 -05:00
Aaron Suggs
8d2dbf3400 Merge pull request #150 from ktheory/drop-ruby-1.9
Remove support for ruby 1.9
2015-11-20 14:44:26 -05:00
Aaron Suggs
40213a4749 Update CHANGELOG: drop ruby 1.9 support 2015-11-20 12:39:10 -05:00
Aaron Suggs
558dc3555c Merge pull request #144 from jamesprior/patch-1
Updating the readme
2015-11-09 08:59:51 -05:00