Commit 0aa335b1
Changed files (4)
config/initializers/rack_attack.rb
@@ -0,0 +1,9 @@
+# Throttle requests to 5 requests per second per ip
+Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |request|
+ # If the return value is truthy, the cache key for the return value
+ # is incremented and compared with the limit. In this case:
+ # "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
+ #
+ # If falsy, the cache key is neither incremented nor checked.
+ request.ip
+end
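Review bot: The throttle key is `request.ip`, which is only a per-client key if the deployment's proxy chain is what Rack expects. Behind a load balancer whose address Rack does not treat as trusted, every client may resolve to the balancer's address and share one 5-requests-per-second bucket, so this is worth confirming for the production topology. The counters live in whatever store Rack::Attack defaults to (the Rails cache), so with a per-process cache the limit would be enforced per worker rather than globally; setting `Rack::Attack.cache.store` explicitly to a shared store would make that deliberate. The example key in the comment says `req.ip` while the block parameter is `request`; `# "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{request.ip}"` would match the code.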
config/application.rb
@@ -45,5 +45,6 @@ module Cake
:sender_address => %{"notifier" <notifier@cakeside.com>},
:exception_recipients => ENV['EXCEPTION_EMAIL_ADDRESS'].split(" "),
} unless Rails.env.test?
+ config.middleware.use Rack::Attack
end
end
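Review bot: `config.middleware.use` appends Rack::Attack to the end of the middleware stack, so a request that is about to be throttled still runs through every middleware ahead of it before being rejected. Placing it early, e.g. `config.middleware.insert_before 0, Rack::Attack`, would reject throttled requests before that work is done. The added line also sits after the `unless Rails.env.test?` guard rather than under it, so the throttle from the new initializer appears to be active in the test environment too, where browser-driven specs from a single address could plausibly exceed 5 requests per second. The enclosing class body starts outside this hunk.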
Gemfile
@@ -40,6 +40,7 @@ gem 'mime-types', '~> 1.25.1'
gem 'ejs', '~> 1.1.1'
gem 'js-routes', '~> 0.9.8'
gem 'geoip'
+gem 'rack-attack'
group :development do
gem 'capistrano', '~> 3.0', require: false
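Review bot: `gem 'rack-attack'` is added without a version constraint, unlike the `~>` pins on the neighbouring entries. The lockfile in this commit resolves it to 4.1.0, but a later `bundle update` could move this request-filtering middleware across a major version without anyone touching the Gemfile. `gem 'rack-attack', '~> 4.1'` would keep that an explicit change.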
Gemfile.lock
@@ -217,6 +217,8 @@ GEM
websocket-driver (>= 0.2.0)
polyglot (0.3.5)
rack (1.5.2)
+ rack-attack (4.1.0)
+ rack
rack-test (0.6.2)
rack (>= 1.0)
rails (4.1.4)
@@ -380,6 +382,7 @@ DEPENDENCIES
newrelic_rpm
pg
poltergeist
+ rack-attack
rails (= 4.1.4)
rmagick (~> 2.13.0)
rspec-rails