Protect your Rails and Rack apps from bad clients. Rack::Attack lets you easily decide when to allow, block and throttle based on properties of the request. Rack middleware for blocking & throttling abusive requests. Tackling each curious anomaly that threatens your site’s reliability saps developer productivity and happiness. Rack::Attack lets you throttle abusive requests with just a few lines of code. For the security of our users, we have a stricter throttle for login attempts. This makes it very time consuming for attackers to guess users’ passwords. We also use the IPCat ruby library to detect requests from well-known datacenters. Rack::Attack can also track requests without blocking them. We rely on Rack::Attack to let developers quickly track and throttle requests. It helps keep our site reliable, so we can spend more energy building better features. We’re glad to make it publicly available to the open-source community.
Features
- Limit the number of requests that can be made per IP address
- Rack::Attack can also track requests without blocking them
- Name your custom blocklist and make your ruby-block argument return a truthy value if you want the request to be blocked
- Block all requests from misbehaving clients
- Throttle state is stored in a configurable cache
- Name your custom throttle