addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1light-bulblinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Announcing: Rack::Attack! - throttle & block abusive clients

From: Aaron S.
Sent on: Wednesday, August 15, 2012 10:43 AM
Happy Wednesday, NYC.rb!

I'm announcing Rack::Attack, a middleware for throttling and blocking http clients.

Check it out:
https://github.com...­

WHY!?

Web sites sometimes get some unwanted attention from attackers, naive scrapers, and other rascally netizens. Maybe a bot is trying to crack account passwords, or a scraper is requesting an expensive URL many times per second.

Figuring out how to mitigate these requests can be time-consuming and boring.

Rack::Attack helps you stay sane. With a couple lines of code you can block or throttle these rascals, keeping your site secure, fast, and reliable.

HOW!?

I wrote a README with some good examples:
https://github.com...­

...but here's the gist:

Once you include the Rack::Attack middleware, you define 'blacklists' and 'throttles' as ruby blocks that are passed the request object. The return value determines if the request is denied or allowed to pass through to your app. You can use arbitrary properties of the request to decide whether to allow the request.

Throttle counters are kept in a configurable cache store. It works out of the box with Rails.cache & memcached.

And support for ActiveSupport::Notif­ications is built-in, so you can log, graph, & instrument to your heart's content.

Kickstarter has been using Rack::Attack for a few weeks with great success. I'm excited to open it up to the community.

-Aaron Suggs
twitter.com/ktheory

Our Sponsors

  • Pivotal Labs

    Provides the awesome event space we use every month!

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy