1Rails.application.config.middleware.use Rack::Attack
 2# Always allow requests from localhost
 3# (blacklist & throttles are skipped)
 4Rack::Attack.safelist('allow from localhost') do |request|
 5  # Requests are allowed if the return value is truthy
 6  '127.0.0.1' == request.ip
 7end
 8
 9# Throttle requests to 5 requests per second per ip
10Rack::Attack.throttle('req/ip', limit: 5, period: 1.second) do |request|
11  # If the return value is truthy, the cache key for the return value
12  # is incremented and compared with the limit. In this case:
13  #   "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
14  #
15  # If falsy, the cache key is neither incremented nor checked.
16  request.ip
17end