1

Im using rack-attack to block an ip.

# Block requests from 1.2.3.4
Rack::Attack.blocklist('block 1.2.3.4') do |req|
# Requests are blocked if the return value is truthy
'1.2.3.4' == req.ip
end

The IP gets successfully blocked. The person can view a white page with the word "forbidden" on the upper-left corner. Is there any way to change the string "forbidden" ?

EDIT :

Tried using this. All my other error pages are also configured similarly. https://mattbrictson.com/dynamic-rails-error-pages But it doesn't seen to work on the rack attack 403 forbidden page.

smanvi12
  • 571
  • 8
  • 24

3 Answers3

4

To customize the response of blocklisted and throttled requests, use an object that adheres to the Rack app interface.

Rack::Attack.blocklisted_response = lambda do |env|
  # Using 503 because it may make the attacker think that he had successfully
  # DOSed the site. Rack::Attack returns 403 for blocklists by default
  [ 503, {}, ['Your custom string here']]
end

see the relevant documentation

Tony Vincent
  • 13,354
  • 7
  • 49
  • 68
1

Overwrite blocklisted_response.

@Tony Vincent is correct. I thought I would just elaborate a little further.

You just need to overwrite the default value for blocklisted_response.

You can see the default value here:

@blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] }

So in your rack_attack.rb initializer, you can do the following:

Rack::Attack.blocklisted_response = lambda{ |_env| [ 403, { "Content-Type" => "text/plain" }, [ "You have been blocked from the system. If you think this has been done in error, please contact Support at support@system.com. Thank you." ] ] }
Joshua Pinter
  • 45,245
  • 23
  • 243
  • 245
0

Overwrite blocklisted_response

You can display HTML pages also

So in your rack_attack.rb initializer, you can do the following:

Rack::Attack.blocklisted_response = lambda{ |_env| [ 403, { "Content-Type" => "text/html" }, [ "<!DOCTYPE html>
<html>
<head>
  <title>The page you were looking for doesn't exist (404)</title>
  <meta name='viewport' content='width=device-width,initial-scale=1'>
</head>

<body class='rails-default-error-page'>
  <!-- This file lives in public/404.html -->
  <div class='dialog'>
    <div>
      <h1>The page you were looking for doesn't exist.</h1>
      <p>You may have mistyped the address or the page may have moved.</p>
    </div>
    <p>If you are the application owner check the logs for more information.</p>
  </div>
</body>
</html>
" ] ] }
nirav kanani
  • 47
  • 8