Ignore S3 requests in Rack::Attack

puzzle · Aug 20, 2024 · eb6f263 · eb6f263
1 parent 945711c
commit eb6f263
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -13,6 +13,15 @@
   Rack::Attack.safelist_ip(ip_or_subnet)
 end
 
+Rack::Attack.safelist "allow S3 redirects" do |request|
+  regexes = [
+    %r~https://[^/]+?/rails/active_storage/blobs/redirect/[A-Za-z0-9=]+--[A-Za-z0-9=]+/~,
+    %r~https://[^/]+?/rails/active_storage/representations/redirect/[A-Za-z0-9=]+--[A-Za-z0-9=]+/[A-Za-z0-9=]+--[A-Za-z0-9=]+/~
+  ]
+
+  regexes.any? { _1.match? request.url }
+end
+
 Rack::Attack.throttle('requests by ip', limit: 100, period: 10, &:ip)
 
 Rack::Attack.blocklist('secure admin logins') do |req|