sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-25 09:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
rack-attack/examples/rack_attack.rb
Renée Hendricksen e1a0c804e1 suggesting changing whitelist/blacklist language to less controversial safelist/blocklist language 
add deprication warnings

fix the method signatures
2016-07-01 21:44:45 -04:00

26 lines
968 B
Ruby
Raw Blame History

# NB: `req` is a Rack::Request object (basically an env hash with friendly accessor methods)
# Throttle 10 requests/ip/second
# NB: return value of block is key name for counter
# falsy values bypass throttling
Rack::Attack.throttle("req/ip", :limit => 10, :period => 1) { |req| req.ip }
# Throttle attempts to a particular path. 2 POSTs to /login per second per IP
Rack::Attack.throttle "logins/ip", :limit => 2, :period => 1 do |req|
req.post? && req.path == "/login" && req.ip
end
# Throttle login attempts per email, 10/minute/email
Rack::Attack.throttle "logins/email", :limit => 2, :period => 60 do |req|
req.post? && req.path == "/login" && req.params['email']
end
# blocklist bad IPs from accessing admin pages
Rack::Attack.blocklist "bad_ips from logging in" do |req|
req.path =~ /^\/admin/ && bad_ips.include?(req.ip)
end
# safelist a User-Agent
Rack::Attack.safelist 'internal user agent' do |req|
req.user_agent == 'InternalUserAgent'
end
Reference in a new issue View git blame Copy permalink