Created July 25, 2012 14:31
rack-attack DSL
```ruby
# NB: `req` is a Rack::Request object (basically an env hash with friendly accessor methods)
# NB: `1.second` comes from ActiveSupport's numeric extensions; a plain integer number of seconds also works

# Throttle 10 requests/ip/second
# NB: return value of block is key name for counter
# falsy values bypass throttling
Rack::Attack.throttle("req/ip", :limit => 10, :period => 1.second) { |req| req.ip }

# Block cloud IPs from accessing PATH regexp
# NB: `req.path` carries the leading slash, so the regexp must anchor on "/login", not "login"
bad_ips = [] # placeholder: fill with the IP strings to block
Rack::Attack.block "bad_ips from logging in" do |req|
  req.path =~ %r{^/login} && bad_ips.include?(req.ip)
end

# Throttle login attempts
Rack::Attack.throttle "logins/ip", :limit => 2, :period => 1.second do |req|
  req.ip if req.post? && req.path_info =~ %r{^/login}
end

# Whitelist a User-Agent
# NB: `=~` needs a Regexp on one side; String =~ String raises a TypeError
Rack::Attack.whitelist 'internal user agent' do |req|
  req.user_agent =~ /InternalUserAgent/
end
```
Back to what I was saying on ordering - putting the whitelist last is confusing since you don't specify the order, you just have to know that a whitelist will bypass everything (which, I think I agree with you on ;))
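To make the rule semantics and the ordering point concrete, here is an added example (not code from the gist, from rack-attack, or from the commenter): a toy model in plain Ruby that checks whitelists first no matter where they are declared, keys each throttle counter on the block's return value, skips a throttle whose block returns nil, and runs the gist's four rules over constructed sample traffic. `MiniAttack`, `Request`, `configured_attack`, `scenario` and the sample IPs are names and values chosen for this example.

```ruby
# Toy model of rack-attack's rule semantics, written for this page (not the gem's code).
Request = Struct.new(:ip, :path, :request_method, :user_agent, keyword_init: true) do
  def post?; request_method == 'POST'; end
  def path_info; path; end
end
class MiniAttack
  def initialize
    @whitelists, @blocks, @throttles = [], [], []
    @counters = Hash.new(0) # "rule:discriminator:window" => hits in that window
  end
  def whitelist(name, &blk); @whitelists << [name, blk]; end
  def block(name, &blk); @blocks << [name, blk]; end
  def throttle(name, limit:, period:, &blk); @throttles << [name, limit, period, blk]; end
  # Whitelists win regardless of declaration order; `now` is epoch seconds.
  def check(req, now: Time.now.to_i)
    return :whitelisted if @whitelists.any? { |_, blk| blk.call(req) }
    return :blocked if @blocks.any? { |_, blk| blk.call(req) }
    @throttles.each do |name, limit, period, blk|
      discriminator = blk.call(req)
      next unless discriminator # falsy return value bypasses this throttle
      key = "#{name}:#{discriminator}:#{now / period}" # fixed window per period
      @counters[key] += 1
      return :throttled if @counters[key] > limit
    end
    :ok
  end
end

# The gist's four rules; regexes anchored to the leading slash that Rack paths carry.
def configured_attack(bad_ips)
  a = MiniAttack.new
  a.throttle('req/ip', limit: 10, period: 1) { |req| req.ip }
  a.block('bad_ips from logging in') { |req| req.path =~ %r{^/login} && bad_ips.include?(req.ip) }
  a.throttle('logins/ip', limit: 2, period: 1) { |req| req.ip if req.post? && req.path_info =~ %r{^/login} }
  a.whitelist('internal user agent') { |req| req.user_agent =~ /InternalUserAgent/ }
  a
end
# Constructed sample traffic (documentation-range IPs); returns the verdict of each probe.
def scenario
  a = configured_attack(%w[203.0.113.9])
  t = 1_700_000_000
  req = ->(ip, path, verb, ua = 'curl') { Request.new(ip: ip, path: path, request_method: verb, user_agent: ua) }
  {
    logins: 3.times.map { a.check(req.('198.51.100.4', '/login', 'POST'), now: t) },
    blocked: a.check(req.('203.0.113.9', '/login', 'POST'), now: t),
    internal: a.check(req.('203.0.113.9', '/login', 'POST', 'InternalUserAgent/1.0'), now: t),
    burst: 11.times.map { a.check(req.('192.0.2.1', '/', 'GET'), now: t) }.last,
    next_window: a.check(req.('192.0.2.1', '/', 'GET'), now: t + 1)
  }
end
```

The `internal` probe comes from a listed bad IP and would otherwise be blocked, which is exactly the "whitelist bypasses everything" behaviour discussed above.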