Class: Rack::Attack

Inherits:
Object
  • Object
show all
Extended by:
Forwardable
Defined in:
lib/rack/attack/cache.rb,
lib/rack/attack/check.rb,
lib/rack/attack/track.rb,
lib/rack/attack/request.rb,
lib/rack/attack/version.rb,
lib/rack/attack/fail2ban.rb,
lib/rack/attack/safelist.rb,
lib/rack/attack/throttle.rb,
lib/rack/attack/allow2ban.rb,
lib/rack/attack/blocklist.rb,
lib/rack/attack/store_proxy.rb,
lib/rack/attack/path_normalizer.rb,
lib/rack/attack/store_proxy/dalli_proxy.rb,
lib/rack/attack/store_proxy/redis_proxy.rb,
lib/rack/attack/store_proxy/mem_cache_proxy.rb,
lib/rack/attack/store_proxy/redis_store_proxy.rb,
lib/rack/attack/store_proxy/redis_cache_store_proxy.rb,
lib/rack/attack.rb

Defined Under Namespace

Modules: FallbackPathNormalizer, StoreProxy Classes: Allow2Ban, Blocklist, Cache, Check, Fail2Ban, MisconfiguredStoreError, MissingStoreError, Request, Safelist, Throttle, Track

Constant Summary collapse

VERSION = 
'5.4.0'
PathNormalizer = 
if defined?(::ActionDispatch::Journey::Router::Utils)
  # For Rails apps
  ::ActionDispatch::Journey::Router::Utils
else
  FallbackPathNormalizer
end

Class Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Attack

Returns a new instance of Attack.



165
166
167
 
# File 'lib/rack/attack.rb', line 165

def initialize(app)
  @app = app
end

Class Attribute Details

.blocklisted_responseObject

Returns the value of attribute blocklisted_response.



27
28
29
 
# File 'lib/rack/attack.rb', line 27

def blocklisted_response
  @blocklisted_response
end

.notifierObject

Returns the value of attribute notifier.



27
28
29
 
# File 'lib/rack/attack.rb', line 27

def notifier
  @notifier
end

.throttled_responseObject

Returns the value of attribute throttled_response.



27
28
29
 
# File 'lib/rack/attack.rb', line 27

def throttled_response
  @throttled_response
end

Class Method Details

.blacklist(name, &block) ⇒ Object 



54
55
56
57
 
# File 'lib/rack/attack.rb', line 54

def blacklist(name, &block)
  warn "[DEPRECATION] 'Rack::Attack.blacklist' is deprecated.  Please use 'blocklist' instead."
  blocklist(name, &block)
end

.blacklisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


100
101
102
103
 
# File 'lib/rack/attack.rb', line 100

def blacklisted?(request)
  warn "[DEPRECATION] 'Rack::Attack.blacklisted?' is deprecated.  Please use 'blocklisted?' instead."
  blocklisted?(request)
end

.blacklisted_responseObject 



141
142
143
144
 
# File 'lib/rack/attack.rb', line 141

def blacklisted_response
  warn "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead."
  blocklisted_response
end

.blacklisted_response=(res) ⇒ Object 



136
137
138
139
 
# File 'lib/rack/attack.rb', line 136

def blacklisted_response=(res)
  warn "[DEPRECATION] 'Rack::Attack.blacklisted_response=' is deprecated.  Please use 'blocklisted_response=' instead."
  self.blocklisted_response = res
end

.blacklistsObject 



80
81
82
83
 
# File 'lib/rack/attack.rb', line 80

def blacklists
  warn "[DEPRECATION] 'Rack::Attack.blacklists' is deprecated.  Please use 'blocklists' instead."
  blocklists
end

.blocklist(name, &block) ⇒ Object 



38
39
40
 
# File 'lib/rack/attack.rb', line 38

def blocklist(name, &block)
  self.blocklists[name] = Blocklist.new(name, block)
end

.blocklist_ip(ip_address) ⇒ Object 



42
43
44
45
46
 
# File 'lib/rack/attack.rb', line 42

def blocklist_ip(ip_address)
  @ip_blocklists ||= []
  ip_blocklist_proc = lambda { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
  @ip_blocklists << Blocklist.new(nil, ip_blocklist_proc)
end

.blocklisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


95
96
97
98
 
# File 'lib/rack/attack.rb', line 95

def blocklisted?(request)
  ip_blocklists.any? { |blocklist| blocklist.matched_by?(request) } ||
    blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) }
end

.blocklistsObject 



69
 
# File 'lib/rack/attack.rb', line 69

def blocklists; @blocklists ||= {}; end

.cacheObject 



121
122
123
 
# File 'lib/rack/attack.rb', line 121

def cache
  @cache ||= Cache.new
end

.clear!Object 



131
132
133
134
 
# File 'lib/rack/attack.rb', line 131

def clear!
  warn "[DEPRECATION] Rack::Attack.clear! is deprecated. Please use Rack::Attack.clear_configuration instead"
  clear_configuration
end

.clear_configurationObject 



125
126
127
128
129
 
# File 'lib/rack/attack.rb', line 125

def clear_configuration
  @safelists, @blocklists, @throttles, @tracks = {}, {}, {}, {}
  @ip_blocklists = []
  @ip_safelists = []
end

.instrument(request) ⇒ Object 



117
118
119
 
# File 'lib/rack/attack.rb', line 117

def instrument(request)
  notifier.instrument('rack.attack', request) if notifier
end

.safelist(name, &block) ⇒ Object 



29
30
31
 
# File 'lib/rack/attack.rb', line 29

def safelist(name, &block)
  self.safelists[name] = Safelist.new(name, block)
end

.safelist_ip(ip_address) ⇒ Object 



48
49
50
51
52
 
# File 'lib/rack/attack.rb', line 48

def safelist_ip(ip_address)
  @ip_safelists ||= []
  ip_safelist_proc = lambda { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
  @ip_safelists << Safelist.new(nil, ip_safelist_proc)
end

.safelisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


85
86
87
88
 
# File 'lib/rack/attack.rb', line 85

def safelisted?(request)
  ip_safelists.any? { |safelist| safelist.matched_by?(request) } ||
    safelists.any? { |_name, safelist| safelist.matched_by?(request) }
end

.safelistsObject 



67
 
# File 'lib/rack/attack.rb', line 67

def safelists;  @safelists  ||= {}; end

.throttle(name, options, &block) ⇒ Object 



59
60
61
 
# File 'lib/rack/attack.rb', line 59

def throttle(name, options, &block)
  self.throttles[name] = Throttle.new(name, options, block)
end

.throttled?(request) ⇒ Boolean

Returns:

  • (Boolean) 


105
106
107
108
109
 
# File 'lib/rack/attack.rb', line 105

def throttled?(request)
  throttles.any? do |_name, throttle|
    throttle.matched_by?(request)
  end
end

.throttlesObject 



71
 
# File 'lib/rack/attack.rb', line 71

def throttles;  @throttles  ||= {}; end

.track(name, options = {}, &block) ⇒ Object 



63
64
65
 
# File 'lib/rack/attack.rb', line 63

def track(name, options = {}, &block)
  self.tracks[name] = Track.new(name, options, block)
end

.tracked?(request) ⇒ Boolean

Returns:

  • (Boolean) 


111
112
113
114
115
 
# File 'lib/rack/attack.rb', line 111

def tracked?(request)
  tracks.each_value do |track|
    track.matched_by?(request)
  end
end

.tracksObject 



73
 
# File 'lib/rack/attack.rb', line 73

def tracks;     @tracks     ||= {}; end

.whitelist(name, &block) ⇒ Object 



33
34
35
36
 
# File 'lib/rack/attack.rb', line 33

def whitelist(name, &block)
  warn "[DEPRECATION] 'Rack::Attack.whitelist' is deprecated.  Please use 'safelist' instead."
  safelist(name, &block)
end

.whitelisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


90
91
92
93
 
# File 'lib/rack/attack.rb', line 90

def whitelisted?(request)
  warn "[DEPRECATION] 'Rack::Attack.whitelisted?' is deprecated.  Please use 'safelisted?' instead."
  safelisted?(request)
end

.whitelistsObject 



75
76
77
78
 
# File 'lib/rack/attack.rb', line 75

def whitelists
  warn "[DEPRECATION] 'Rack::Attack.whitelists' is deprecated.  Please use 'safelists' instead."
  safelists
end

Instance Method Details

#call(env) ⇒ Object 



169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
 
# File 'lib/rack/attack.rb', line 169

def call(env)
  env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO'])
  request = Rack::Attack::Request.new(env)

  if safelisted?(request)
    @app.call(env)
  elsif blocklisted?(request)
    self.class.blocklisted_response.call(env)
  elsif throttled?(request)
    self.class.throttled_response.call(env)
  else
    tracked?(request)
    @app.call(env)
  end
end