Add general IP throttling in Rack::Attack

puzzle · Jan 3, 2024 · 33a941f · 33a941f
1 parent 7e93532
commit 33a941f
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -14,13 +14,15 @@
   Rack::Attack.safelist_ip(ip_or_subnet)
 end
 
+Rack::Attack.throttle('requests by ip', limit: 5, period: 2, &:ip)
+
 Rack::Attack.blocklist('secure admin logins') do |req|
   Rack::Attack::Allow2Ban.filter(req.ip, maxretry: 5, findtime: 10.minutes, bantime: 1.hour) do
     req.post? && req.path.include?('system')
   end
 end
 
-ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, request_id, payload|
+ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, _start, _finish, _request_id, payload|
   # request object available in payload[:request]
   request = payload[:request]
   # require 'pry'; binding.pry
@@ -31,7 +33,13 @@
 # # rubocop:disable Metrics/BlockLength
 # ActiveSupport::Notifications.subscribe('rack.attack') do |_name, _start, _finish, _request_id, req|
 #   req = req[:request]
-#   # msg = [req.env['rack.attack.match_type'], req.ip, req.request_method, req.fullpath, ('"' + req.user_agent.to_s + '"')].join(' ')
+#   # msg = [
+#   #   req.env['rack.attack.match_type'],
+#   #   req.ip,
+#   #   req.request_method,
+#   #   req.fullpath,
+#   #   ('"' + req.user_agent.to_s + '"')
+#   # ].join(' ')
 
 #   request_headers =
 #     req
@@ -66,4 +74,4 @@
 #     logger.info(msg)
 #   end
 #   # rubocop:enable Metrics/BlockLength
-# end
+# end