How to Block Requests at the Rack Level?

Question

When running a Rails4 app, I often see bots probing to see whether I'm running a Wordpress site. I expect that they are looking to either create comment spam or looking for Wordpress security vulnerabilities.

Here's an example error from the log:

ActionController::RoutingError (No route matches [GET] "/wp-login.php")

What is a simple example of Rack middleware where I could block this http request? How would I name the file and where would it go in the Rails application?

Thank you!

K M Rakibul Islam · Accepted Answer · 2017-04-20T15:07:35.467

9

You can use rack-attack gem to blacklist certain requests and the requests from specific ip addresses as well. You can also throttle requests for certain amount of time using this gem.

Follow the readme from the github documentation to install and setup the gem in your Rails project.

To blacklist certain requests, you can do something like this in the app/config/initializers/rack_attack.rb file:

# Block logins from a bad user agent
Rack::Attack.blacklist('block bad UA logins') do |req|
  req.path == '/wp-login.php' && req.get? && req.user_agent == 'BadUA'
end

edited Apr 20 '17 at 15:07

answered Dec 07 '15 at 05:24

K M Rakibul Islam

33,760
12
89
110

1

`blacklist` has been deprecated in the current version of `rack-attack`. This answer should now recommend using the `blocklist` method. – danielricecodes Jan 19 '17 at 16:20
1

Is it faster to block them that to serve them a 404 ? – Pak May 26 '17 at 11:42

score 0 · Answer 2 · answered Dec 10 '18 at 06:13

0

You can use this code below to block all match ".php" using rack-attack gem.

blocklist('block/php') do |req|
    req.ip if /\S+\.php/.match(req.path)
end

answered Dec 10 '18 at 06:13

Marcelo Austria

861
8
16

How to Block Requests at the Rack Level?

2 Answers2