Comments (5)
Hi Owen! Most people are using rack-throttle for legacy versions of Ruby, but if you are able to: https://github.com/kickstarter/rack-attack is much more feature-full & maintained!
from rack-throttle.
Thanks FreekingDean. I'll work on migrating with our next sprint and add any gotchas/comments to this issue.
Would love to know if there are large sweeping differences, but I believe it was originally based on this repo.
The switch took about an hour.
- safelist took care of the IP whitelisting
- Created a Rack::Attack::Request like the example config to whitelist localhost IP and a few paths
- Able to create three different throttles based on different paths
- Plugs right into Rails.cache.store without any issues
The hardest part was understanding how to log if something was throttled. Here was my solution...
```ruby
# Log every throttled request: which throttle matched, the path, and the client IP.
ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |_name, _start, _finish, _request_id, payload|
  request = payload[:request]
  Rails.logger.error("[rack-attack] throttle=#{request.env["rack.attack.matched"]}, path=#{request.path}, ip=#{request.ip}")
end
```
Will throw it into production in two weeks and see how it performs.
Works great. Only issue was that the IP method needs to be overwritten if you deal with HTTP_X_FORWARDED_FOR otherwise you'll block all traffic from your load balancers.
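```ruby
# Use the first X-Forwarded-For entry when the header is present,
# otherwise fall back to the socket peer address.
def ip
  if addr = env['HTTP_X_FORWARDED_FOR']
    (addr.split(',').first || env['REMOTE_ADDR']).to_s.strip
  else
    env['REMOTE_ADDR']
  end
end
```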
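The override above keys on the first `HTTP_X_FORWARDED_FOR` entry; proxies append to that header, so the leftmost value is whatever the client sent. As an added example (not code from this thread or from rack-attack), the helper below resolves the client address by walking the hop chain from the socket peer backwards and skipping only known proxies. `TRUSTED_PROXIES`, `trusted_proxy?`, `client_ip` and all sample addresses are assumptions made for illustration.

```ruby
require 'ipaddr'

# Assumption: address ranges of your own load balancers (constructed values).
TRUSTED_PROXIES = %w[127.0.0.1/32 10.0.0.0/8].map { |cidr| IPAddr.new(cidr) }.freeze

# True only when addr parses as an IP inside one of the trusted ranges.
def trusted_proxy?(addr, proxies = TRUSTED_PROXIES)
  return false if addr.to_s.empty?
  ip = IPAddr.new(addr)
  proxies.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false # unparseable values are never treated as one of our proxies
end

# Hypothetical helper: start at the socket peer and move left through the
# X-Forwarded-For entries, returning the first hop that is not one of our
# proxies. Anything further left was supplied by the client and is ignored.
def client_ip(env, proxies = TRUSTED_PROXIES)
  remote = env['REMOTE_ADDR'].to_s
  forwarded = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
  hops = forwarded + [remote]
  hops.reverse.find { |hop| !trusted_proxy?(hop, proxies) } || remote
end

# Constructed sample requests (documentation address ranges).
SAMPLES = {
  via_lb:        { 'REMOTE_ADDR' => '10.0.0.5',
                   'HTTP_X_FORWARDED_FOR' => '203.0.113.7' },
  two_proxies:   { 'REMOTE_ADDR' => '10.0.0.5',
                   'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.9' },
  forged_prefix: { 'REMOTE_ADDR' => '10.0.0.5',
                   'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7' },
  direct:        { 'REMOTE_ADDR' => '203.0.113.7',
                   'HTTP_X_FORWARDED_FOR' => '10.1.1.1' },
  no_header:     { 'REMOTE_ADDR' => '203.0.113.7' }
}.freeze

SAMPLES.each { |name, env| puts format('%-14s -> %s', name, client_ip(env)) }
```

Every sample resolves to the same throttle key, including the request with a forged leading entry and the one that reaches the app without passing a load balancer.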