From eb6f2631586aac458e82bf62d6a4e13d3cec6897 Mon Sep 17 00:00:00 2001
From: Thomas Burkhalter
Date: Tue, 20 Aug 2024 11:55:23 +0200
Subject: [PATCH] Ignore S3 requests in Rack::Attack

---
 config/initializers/rack_attack.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 8ff02a00..5013f0e2 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -13,6 +13,15 @@
   Rack::Attack.safelist_ip(ip_or_subnet)
 end
 
+Rack::Attack.safelist "allow S3 redirects" do |request|
+  regexes = [
+    %r~https://[^/]+?/rails/active_storage/blobs/redirect/[A-Za-z0-9=]+--[A-Za-z0-9=]+/~,
+    %r~https://[^/]+?/rails/active_storage/representations/redirect/[A-Za-z0-9=]+--[A-Za-z0-9=]+/[A-Za-z0-9=]+--[A-Za-z0-9=]+/~
+  ]
+
+  regexes.any? { _1.match? request.url }
+end
+
 Rack::Attack.throttle('requests by ip', limit: 100, period: 10, &:ip)
 
 Rack::Attack.blocklist('secure admin logins') do |req|
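Review bot: The two safelist regexes are unanchored and are matched against the full `request.url`, so any request whose query string merely contains a `https://…/rails/active_storage/blobs/redirect/…--…/` substring is exempted from every throttle and blocklist in this file, including the 'secure admin logins' blocklist below, because Rack::Attack evaluates safelists before blocklists and throttles. Match the request path instead and anchor it at the start: `%r{\A/rails/active_storage/blobs/redirect/[A-Za-z0-9=]+--[A-Za-z0-9=]+/}` (same change for the representations pattern), with `regexes.any? { _1.match? request.path }`, which also makes the scheme and host irrelevant. The `[A-Za-z0-9=]` character class may not cover every character a signed id can contain, which would only cause some legitimate redirects to fall back to the normal throttle; worth confirming against the signed-id format of the app's Rails version. The safelist block is fully contained in this hunk; the `blocklist` block that follows continues outside it.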