Websites are frequently hit by traffic from unreliable sources, most often automated scripts that continuously hit a URL; at volume this amounts to a DoS (Denial of Service) attack.
In Rails we can handle such attacks by restricting the requests at the Rack level. Rack is a middleware layer that serves as "a way to filter a request and response".
For this, we can use [rack-attack].
```ruby
# Rack::Attack rule, typically placed in a Rails initializer.
# Note: rack-attack 6.0 renamed `blacklist` to `blocklist`; the old name
# still works there but is deprecated.
Rack::Attack.blacklist('allow2ban rapid send_verification_code') do |req|
  # Only POSTs to the SMS-verification endpoint count against the limit.
  if req.post? && req.path == '/api/v1/verification/send_verification_code.json'
    # Allow2Ban lets requests through until the per-IP counter reaches
    # maxretry within findtime, then bans the IP for bantime. The block
    # returns a truthy value, so every matching request is counted.
    Rack::Attack::Allow2Ban.filter(req.ip, maxretry: 14, findtime: 10.minute, bantime: 3.hours) do
      '/api/v1/verification/send_verification_code.json'
    end
  end
end
```
The above example filters requests to POST /api/v1/verification/send_verification_code.json, the path used to send verification SMS messages. It blacklists the requesting IP if it hits the URL more than 14 times within a span of 10 minutes. The IP stays blacklisted for 3 hours; the ban is stored in whatever caching mechanism is in use (Rails.cache, Redis or Memcached).
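To make the counting and banning behaviour concrete, here is an added example that is not code from the original post or from the rack-attack gem: a dependency-free model of the Allow2Ban logic with an in-memory hash standing in for Rails.cache, run over a constructed burst of requests against the rule above. The class and method names (`MemoryCache`, `Allow2BanModel`, `simulate`, `demo`), the client addresses and the timestamps are all assumptions made for the illustration.

```ruby
# Added example: a dependency-free model of rack-attack's Allow2Ban logic.
# Not code from the original post or from the rack-attack gem; the class and
# method names, the IP addresses and the timestamps are all constructed here.

# Stands in for Rack::Attack.cache (Rails.cache in a Rails app). Every entry
# carries an expiry so counters and bans age out on their own. Time is passed
# in explicitly (epoch seconds) so the scenario below is deterministic.
class MemoryCache
  def initialize
    @data = {}
  end

  def read(key, now)
    value, expires_at = @data[key]
    return nil if value.nil?
    return value if now < expires_at

    @data.delete(key)
    nil
  end

  def write(key, value, expires_in, now)
    @data[key] = [value, now + expires_in]
    value
  end

  # Increment a counter that lives in a fixed, epoch-aligned window of
  # `period` seconds (the bucketing rack-attack's Cache#count uses).
  def count(key, period, now)
    window_key = "#{now / period}:#{key}"
    current = read(window_key, now)
    return write(window_key, 1, period - (now % period) + 1, now) if current.nil?

    @data[window_key][0] = current + 1
  end
end

# Mirrors Rack::Attack::Allow2Ban.filter: requests are allowed until the
# matching-request counter reaches maxretry within findtime, then the
# discriminator (here the client IP) is banned for bantime seconds.
class Allow2BanModel
  def initialize(cache, maxretry:, findtime:, bantime:)
    @cache, @maxretry, @findtime, @bantime = cache, maxretry, findtime, bantime
  end

  def banned?(discriminator, now)
    !@cache.read("allow2ban:ban:#{discriminator}", now).nil?
  end

  # Returns true when the request must be blocked. The block decides whether
  # this request counts against the limit, exactly as in the gem.
  def filter(discriminator, now)
    return true if banned?(discriminator, now)   # a ban covers every request
    return false unless yield                     # not a rate-limited request

    count = @cache.count("allow2ban:count:#{discriminator}", @findtime, now)
    return false if count < @maxretry

    @cache.write("allow2ban:ban:#{discriminator}", true, @bantime, now)
    true
  end
end

VERIFY_PATH = '/api/v1/verification/send_verification_code.json'
Request = Struct.new(:ip, :verb, :path, :at)

# Runs constructed requests through the rule from the post (14 tries per
# 10 minutes, 3 hour ban) and returns "allowed"/"blocked" for each, in order.
def simulate(requests)
  rule = Allow2BanModel.new(MemoryCache.new, maxretry: 14, findtime: 10 * 60, bantime: 3 * 3600)
  requests.map do |req|
    blocked = rule.filter(req.ip, req.at) { req.verb == 'POST' && req.path == VERIFY_PATH }
    blocked ? 'blocked' : 'allowed'
  end
end

# Scenario: one client fires 15 verification requests ten seconds apart,
# then tries another path while banned; a second client is unaffected; the
# first client is let back in once the 3 hour ban has lapsed.
def demo
  t0 = 1_700_000_400          # constructed epoch second at the start of a 600 s window
  client = '203.0.113.7'      # constructed client address (RFC 5737 TEST-NET-3)
  burst = (0...15).map { |i| Request.new(client, 'POST', VERIFY_PATH, t0 + 10 * i) }
  while_banned = Request.new(client, 'GET', '/', t0 + 200)
  other_client = Request.new('198.51.100.9', 'POST', VERIFY_PATH, t0 + 210)
  after_ban = Request.new(client, 'POST', VERIFY_PATH, t0 + 140 + 3 * 3600)
  simulate(burst + [while_banned, other_client, after_ban])
end

puts demo.each_with_index.map { |v, i| "#{i + 1}: #{v}" } if __FILE__ == $PROGRAM_NAME
```

Three details of this model match the gem and are worth checking against your own expectations. The ban fires on the `count >= maxretry` comparison, so with `maxretry: 14` the 14th matching request inside the window is the one that trips the ban and is itself rejected. The banned check runs before the block, so once an IP is banned every request from it is rejected, including a plain GET to an unrelated path, until the entry expires from the cache. Counters live in fixed, epoch-aligned windows rather than a sliding one, so a burst straddling a window boundary can get somewhat more than `maxretry` requests through. Separately, the discriminator is `req.ip`: behind a reverse proxy or load balancer make sure Rails is configured to trust that proxy, or every client shares the proxy's address and one abusive client bans everybody.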