add attack
parent
d7158f57a2
commit
1a6d8ce18a
1
Gemfile
1
Gemfile
|
@ -16,6 +16,7 @@ gem 'pundit'
|
|||
gem 'simple_form'
|
||||
gem 'animate-scss' , :github => "ejholmes/animate.scss"
|
||||
gem "best_in_place"
|
||||
gem 'rack-attack'
|
||||
|
||||
#asynchronous sending
|
||||
gem 'sucker_punch'
|
||||
|
|
|
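Review bot: `gem 'rack-attack'` is added with no version constraint, so the Gemfile itself carries no record of which major this configuration was written against; the lock file resolves it to 4.4.1, but a later `bundle update` is free to move to a new major whose middleware wiring or API may differ. A constraint such as `gem 'rack-attack', '~> 4.4'` keeps the resolved version in the range the initializer was tested with and documents the intent for the next maintainer.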
@ -241,6 +241,8 @@ GEM
|
|||
quiet_assets (1.1.0)
|
||||
railties (>= 3.1, < 5.0)
|
||||
rack (1.6.4)
|
||||
rack-attack (4.4.1)
|
||||
rack
|
||||
rack-test (0.6.3)
|
||||
rack (>= 1.0)
|
||||
rails (4.2.6)
|
||||
|
@ -404,6 +406,7 @@ DEPENDENCIES
|
|||
puma
|
||||
pundit
|
||||
quiet_assets
|
||||
rack-attack
|
||||
rails (= 4.2.6)
|
||||
rails_layout
|
||||
rb-fchange
|
||||
|
|
|
@ -20,6 +20,8 @@ module WebDevSite
|
|||
g.fixture_replacement :factory_girl, dir: "spec/factories"
|
||||
end
|
||||
|
||||
config.middleware.use Rack::Attack
|
||||
|
||||
# Settings in config/environments/* take precedence over those specified here.
|
||||
# Application configuration should go into files in config/initializers
|
||||
# -- all .rb files in that directory are automatically loaded.
|
||||
|
|
|
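Review bot: `config.middleware.use Rack::Attack` appends the middleware to the bottom of the stack, so a request that is ultimately blocked or throttled first passes through every middleware above it (sessions, cookies, logging and so on) before being rejected; if the goal is to shed probe traffic cheaply, placing it first with `config.middleware.insert_before 0, Rack::Attack` avoids that work. Whether the first position is appropriate depends on what the surrounding stack provides, which is not visible here, so it is worth confirming against the deployment. The enclosing `Application` class and the `config.generators` block above this line start outside the hunk.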
@ -0,0 +1,41 @@
|
|||
# Block requests for php or cgi, jps and what else the people throw at us
|
||||
Rack::Attack.blacklist('block admin probes') do |req|
|
||||
# Request are blocked if the return value is truthy
|
||||
reject = false
|
||||
["php" , "jsp" , "cgi", "asp", "cfm," "proxy.txt", "soapCaller", "Win32" , "HNAP1" , "w00tw00t",
|
||||
"pma" , "mysql" ,"msd" , "MySQL" , "jmx-console" , "ervlet" , "xml" ,"install",
|
||||
"webdav"].each do |no|
|
||||
if req.path.include?(no)
|
||||
reject = true
|
||||
break
|
||||
end
|
||||
end
|
||||
reject
|
||||
end
|
||||
|
||||
# Block requests from people clearly out to break servers
|
||||
Rack::Attack.blacklist('block admin ips') do |req|
|
||||
[ "79.143.82.69" , "85.76.99.50" ].include? req.ip
|
||||
end
|
||||
|
||||
# Throttle requests to 5 requests per second per ip
|
||||
Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|
|
||||
# If the return value is truthy, the cache key for the return value
|
||||
# is incremented and compared with the limit. In this case:
|
||||
# "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
|
||||
#
|
||||
# If falsy, the cache key is neither incremented nor checked.
|
||||
|
||||
req.ip
|
||||
end
|
||||
|
||||
# Always allow requests from shop
|
||||
# (blacklist & throttles are skipped)
|
||||
Rack::Attack.whitelist('allow from known or dev') do |req|
|
||||
# Requests are allowed if the return value is truthy
|
||||
if Rails.env.production?
|
||||
[ "85.76.112.161" , "85.76.99.50"].include? req.ip
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
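Review bot: The probe list is missing a comma between `"cfm,"` and `"proxy.txt"` on its first line, so Ruby's adjacent-literal concatenation turns them into the single element `"cfm,proxy.txt"` and neither `cfm` nor `proxy.txt` is ever matched on its own; it should read `"cfm", "proxy.txt"`. The address `85.76.99.50` is listed both in `block admin ips` and in the production whitelist, and because (as the comment above the whitelist correctly says) whitelisted requests skip blacklists and throttles, that blacklist entry never takes effect; in every non-production environment the whitelist returns `true` for all requests, so none of these rules are exercised in test. The bare substring test `req.path.include?` also catches legitimate paths — `xml` blocks `/sitemap.xml` and any XML feed, and `install`, `pma` and `msd` match inside ordinary words — so each fragment deserves a look before this reaches production. The flag-and-`break` loop in the first block reduces to `any?` over a frozen constant, as below; the other three blocks are unchanged.
```ruby
# Path fragments typical of automated probes for admin panels and scripts this app does not serve.
PROBE_FRAGMENTS = %w[php jsp cgi asp cfm proxy.txt soapCaller Win32 HNAP1 w00tw00t
                     pma mysql msd MySQL jmx-console ervlet xml install webdav].freeze

# Block requests for php or cgi, jps and what else the people throw at us
Rack::Attack.blacklist('block admin probes') do |req|
  # Requests are blocked if the return value is truthy
  PROBE_FRAGMENTS.any? { |fragment| req.path.include?(fragment) }
end

# … unchanged: 'block admin ips' blacklist, 'req/ip' throttle, 'allow from known or dev' whitelist …
```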