Questions tagged [rackattack]

Rack middleware for blocking & throttling

Rack::Attack is a rack middleware to protect your web app from bad clients. It allows whitelisting, blacklisting, throttling, and tracking based on arbitrary properties of the request.

GitHub: https://github.com/kickstarter/rack-attack

35 questions
1 vote, 0 answers

How can I make my other tests pass after implementing Throttle

I am working on a task that requires me to throttle payment requests, limiting to one payment per few seconds. The task is well done and working as it should; even the tests to confirm the throttle is well implemented are working as they should. My only…
Asked by Linda Kadz

1 vote, 1 answer

Upgrade from rack-attack 6.3.1 to 6.5.0 is giving error on custom methods

When upgrading from rack-attack 6.3.1 to 6.5.0, the request object is unable to fetch any custom methods. When I run request.comment it throws the below error: undefined method `comment' for #Hash:0x00007fd2b4f41530. As per the documentation, I updated the…
Asked by Aniket Tiwari

1 vote, 0 answers

Rack::Attack test case: can't change ENV variable value using blocklist

Could anyone share some blocklist test cases with an ENV variable as well? I found that in the spec file, we can't change the env variable in the Rails middleware if we set the env variable in the spec file. stub_const('ENV',…
Asked by Lucia

1 vote, 0 answers

Rails rack-attack: throttle requests to N requests per hour per authenticated user

I am using Rails 5.2.4 and Ruby 2.5.8, with API authentication via gem knock for JWT tokens and a Devise model, using gem rack-attack for this feature. I want to implement the two cases that follow: I want to throttle requests if the user is authenticated. If user…
Asked by Akash Sharma

1 vote, 0 answers

Configuring X-Forwarded-For Header in GKE nginx Proxy Configuration

I have installed an nginx controller in GKE (GCP) on a cluster and a rails app set up with a Rack Attack configuration for restricting access. We're having trouble getting the remote IP address of incoming requests. It keeps returning the ingress IP…

1 vote, 1 answer

How can I block file uploads in Rails?

I have a rails app (v4.2). I have two actions that permit an image upload using paperclip. I have paperclip validation on the mime types. Anti-malware on the server found a bunch of PHP files in /tmp like this…
Asked by Kevin Lawrence

1 vote, 1 answer

How does rails rack-attack throttle work?

Say I have a throttle like this: throttle('emails/ip', :limit => 5, :period => 24.hours) do |req| if req.path == '/users/check_email_availability' && req.post? req.ip end end What happens if someone keeps trying to access that link after…
Asked by hackrnaut

1 vote, 3 answers

rack-attack: configure text on blacklist page

I'm using rack-attack to block an IP. # Block requests from 1.2.3.4 Rack::Attack.blocklist('block 1.2.3.4') do |req| # Requests are blocked if the return value is truthy '1.2.3.4' == req.ip end The IP gets successfully blocked. The person can view a…
Asked by smanvi12

0 votes, 0 answers

Rails rack-attack: how to add RateLimit headers to all responses?

I want to use the rack-attack gem to throttle requests to an API. I would like to include RateLimit HTTP headers in all the responses, not only the throttled ones, so API consumers are aware how much quota they have left. The gem's docs contain an example…
Asked by mrt

0 votes, 2 answers

Rack Attack Throttling

I am trying to throttle some bots trying to brute force authentication on our production server. This is a Rails 4 app with rack attack 6.3 and I have configured it like this: config/initializers/rack_attack.rb class Rack::Attack # Throttle all…
Asked by Julien

0 votes, 1 answer

Cloudflare origin IP and Rack Attack Rails

I have a problem where I seem to be unable to access Cloudflare's header that passes the client origin IP when it proxies requests. The header should be HTTP_CF_CONNECTING_IP according to Cloudflare's docs and my site is hosted on Heroku. I have…
Asked by Tom Pinchen

0 votes, 1 answer

PUT/POST request throttle: Rack attack redirect not working

So I have a form that makes an XHR to an external API to get a token and then submits to a URL which calls our db at "/update" on our backend. We are trying to limit the number of requests a person can make using the form by using a rack attack throttle. So…
Asked by maths

0 votes, 1 answer

Rack attack filling up hard drive space

I have also asked this on GitHub but it seems nobody is answering. The problem is I am using Rack Attack as a gem for blocking scraping. My config is located here. The problem I am running into is it is writing cache to the file system and filling up…
Asked by NooBskie

0 votes, 1 answer

Rack::Attack isn't blocklisting ip addresses

I have installed and configured Rack::Attack, but the blacklisted ip addresses are still hitting my site constantly. In config/application.rb: require_relative 'boot' require 'rails/all' # Require the gems listed in Gemfile, including any gems #…
Asked by tomb

0 votes, 1 answer

Rack Attack Block List Doesn't Work

I'm using the gem rack-attack and also the gem geoip in Rails 5. I have got everything set up well, but for some reason I can't get the blocklist to work to block a country code. I've set up a flash alert to make sure the correct country code is being…
Asked by dgreen22