Say I have a throttle like this:

throttle('emails/ip', :limit => 5, :period => 24.hours) do |req|
  if req.path == '/users/check_email_availability' && req.post?
    req.ip
  end
end

What happens if someone keeps trying to access that link after they are throttled? Will they be blocked for another 24 hours? Or will the gem only be looking at their last 5 requests? When do they become unthrottled?

hackrnaut

1 Answer

Every request for which you return a truthy value is cached with a timestamp, even when the request is blocked. To determine whether a request is blocked, rack-attack counts the requests within the :period time range.

So rack-attack does not block for :period. Instead, it counts all requests within :period, and if this count is larger than :limit, the request is blocked.

slowjack2k
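The counting discussed in the answer above, as an added example that is not part of the original posts and is not rack-attack's own code: a simplified model that assumes a fixed-window counter keyed by `Time.now.to_i / period`, the key layout given in the rack-attack README. `WindowThrottle`, `simulate`, the sample IP and the timestamps are constructed for illustration.

```ruby
# Simplified model of fixed-window throttle counting (hypothetical class,
# not rack-attack source). A Hash stands in for the cache store.
class WindowThrottle
  def initialize(limit:, period:)
    @limit = limit
    @period = period
    @counts = Hash.new(0)
  end

  # Returns true when the request at epoch second `now` is throttled.
  # The counter is incremented before the comparison, so rejected
  # requests still count toward the current window.
  def throttled?(discriminator, now)
    window = now / @period # integer division gives the window index
    key = "#{window}:#{discriminator}"
    @counts[key] += 1
    @counts[key] > @limit
  end

  # Epoch second at which the current window ends and a fresh counter starts.
  def window_end(now)
    (now / @period + 1) * @period
  end
end

PERIOD = 24 * 60 * 60 # 24.hours in seconds

# Replays constructed request times for one client; returns one boolean
# per request (true = throttled).
def simulate(times, limit: 5, period: PERIOD, ip: "203.0.113.7")
  throttle = WindowThrottle.new(limit: limit, period: period)
  times.map { |now| throttle.throttled?(ip, now) }
end

if __FILE__ == $PROGRAM_NAME
  start = 20_000 * PERIOD # constructed: a window boundary
  # Ten hourly requests inside one window, then one in the next window.
  times = (0..9).map { |h| start + h * 3600 } + [start + PERIOD]
  simulate(times).each_with_index do |blocked, i|
    puts format("request %2d at +%6ds: %s", i + 1, times[i] - start,
                blocked ? "throttled" : "allowed")
  end
end
```

In this model, requests made while throttled raise the counter but do not move the window, so the client is allowed again at `window_end`, when a new counter starts at zero.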