rack-attack Blogs
Written by Kiprosh, team of passionate and disciplined craftsmen turning your ideas into reality.
Kiprosh is now part of LawLytics
The web is a weird place. You go to sleep thinking that you have a perfectly functional web application, and when you wake up the next day you might find yourself staring at a sudden, huge spike in the number of requests. Either your app got popular overnight or you were the victim of a DoS attack trying to bring your app server down. Usually, it's the latter. There are some popular gems like rack-attack and rack-throttle which work quite well and provide a lot of flexibility. But if you're looking to write your custom logic with minimum dependencies,
Websites often get hit by unreliable sources, mainly automated scripts that continuously hit a web URL, which can cause a DoS (Denial of Service) attack. In Rails, we can handle such attacks by restricting the requests at the Rack level. Rack is a middleware which can serve as "a way to filter a request and response". For this, we can use [rack-attack][1]. Example:

    Rack::Attack.blacklist('allow2ban rapid send_verification_code') do |req|
      if req.post? && req.path == '/api/v1/verification/send_verification_code.json'
        Rack::Attack::Allow2Ban.filter(req.ip, maxretry: