[STABLE] Add Rack::Attack
parent
671cb99137
commit
35f6c27837
1
Gemfile
1
Gemfile
|
@ -13,6 +13,7 @@ gem "rack-cors"
|
|||
gem "mysql"
|
||||
gem "database_cleaner"
|
||||
gem "rollbar"
|
||||
gem "rack-attack"
|
||||
|
||||
group :development, :test do
|
||||
gem "sqlite3"
|
||||
|
|
|
@ -102,6 +102,8 @@ GEM
|
|||
method_source (~> 0.8.1)
|
||||
slop (~> 3.4)
|
||||
rack (2.0.1)
|
||||
rack-attack (5.0.1)
|
||||
rack
|
||||
rack-cors (0.4.0)
|
||||
rack-test (0.6.3)
|
||||
rack (>= 1.0)
|
||||
|
@ -209,6 +211,7 @@ DEPENDENCIES
|
|||
mysql2
|
||||
pg
|
||||
pry
|
||||
rack-attack
|
||||
rack-cors
|
||||
rails (= 5.0.0.1)
|
||||
rails-erd
|
||||
|
|
|
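--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,22 @@
+class Rack::Attack
+### Throttle Spammy Clients ###
+# Throttle all requests by IP 100 req/min
+throttle('req/ip', limit: 500, period: 5.minutes) do |req|
+req.ip
+end
+
+### Prevent Brute-Force Login Attacks ###
+# Throttle requests to /sign_in by IP address
+throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
+if req.path.include?('/sign_in') && req.post?
+req.ip
+end
+end
+end
+
+# Always allow requests from localhost
+# (blacklist & throttles are skipped)
+Rack::Attack.safelist('allow from localhost') do |req|
+# Requests are allowed if the return value is truthy
+'127.0.0.1' == req.ip || '::1' == req.ip
+end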
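Review bot: The localhost safelist at the end of the hunk keys on `req.ip`, so if this app runs behind a reverse proxy that does not forward the client address, every request resolves to 127.0.0.1 and both throttles are silently bypassed; a comment on that line such as `# NOTE: only meaningful when req.ip is the real client address — verify the proxy sets X-Forwarded-For` would keep the next deployer from losing the protection. The comment above the first throttle says "100 req/min" while the rule is `limit: 500, period: 5.minutes`, which is the same average but permits a burst of 500 inside any 5-minute window; rewording it to `# Throttle all requests by IP: 500 per 5 minutes (~100 req/min average)` removes the mismatch. In the login throttle, `req.path.include?('/sign_in')` is a substring test, so `req.path == '/sign_in'` (or `start_with?`) states the intent more tightly, and since the rule is keyed only on the address, a second throttle keyed on the submitted login identifier is what the rack-attack README pairs with it so attempts against one account from many addresses are also bounded. The counters live in `Rack::Attack.cache.store`, which falls back to `Rails.cache`; if that is a null or memory store in some environment the throttles become no-ops, so a comment or an explicit store assignment in this file would make that dependency visible.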