Class: Rack::Attack

Inherits:
Object
  • Object
show all
Extended by:
Forwardable
Defined in:
lib/rack/attack/cache.rb,
lib/rack/attack/check.rb,
lib/rack/attack/track.rb,
lib/rack/attack/request.rb,
lib/rack/attack/version.rb,
lib/rack/attack/fail2ban.rb,
lib/rack/attack/safelist.rb,
lib/rack/attack/throttle.rb,
lib/rack/attack/allow2ban.rb,
lib/rack/attack/blocklist.rb,
lib/rack/attack/store_proxy.rb,
lib/rack/attack/path_normalizer.rb,
lib/rack/attack/store_proxy/dalli_proxy.rb,
lib/rack/attack/store_proxy/redis_proxy.rb,
lib/rack/attack/store_proxy/mem_cache_proxy.rb,
lib/rack/attack/store_proxy/redis_store_proxy.rb,
lib/rack/attack/store_proxy/mem_cache_store_proxy.rb,
lib/rack/attack/store_proxy/redis_cache_store_proxy.rb,
lib/rack/attack.rb

Defined Under Namespace

Modules: FallbackPathNormalizer, StoreProxy Classes: Allow2Ban, Blocklist, Cache, Check, Fail2Ban, MisconfiguredStoreError, MissingStoreError, Request, Safelist, Throttle, Track

Constant Summary collapse

VERSION = 
'5.4.1'
PathNormalizer = 
if defined?(::ActionDispatch::Journey::Router::Utils)
  # For Rails apps
  ::ActionDispatch::Journey::Router::Utils
else
  FallbackPathNormalizer
end

Class Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Attack

Returns a new instance of Attack.



166
167
168
 
# File 'lib/rack/attack.rb', line 166

def initialize(app)
  @app = app
end

Class Attribute Details

.blocklisted_responseObject

Returns the value of attribute blocklisted_response.



28
29
30
 
# File 'lib/rack/attack.rb', line 28

def blocklisted_response
  @blocklisted_response
end

.notifierObject

Returns the value of attribute notifier.



28
29
30
 
# File 'lib/rack/attack.rb', line 28

def notifier
  @notifier
end

.throttled_responseObject

Returns the value of attribute throttled_response.



28
29
30
 
# File 'lib/rack/attack.rb', line 28

def throttled_response
  @throttled_response
end

Class Method Details

.blacklist(name, &block) ⇒ Object 



55
56
57
58
 
# File 'lib/rack/attack.rb', line 55

def blacklist(name, &block)
  warn "[DEPRECATION] 'Rack::Attack.blacklist' is deprecated.  Please use 'blocklist' instead."
  blocklist(name, &block)
end

.blacklisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


101
102
103
104
 
# File 'lib/rack/attack.rb', line 101

def blacklisted?(request)
  warn "[DEPRECATION] 'Rack::Attack.blacklisted?' is deprecated.  Please use 'blocklisted?' instead."
  blocklisted?(request)
end

.blacklisted_responseObject 



142
143
144
145
 
# File 'lib/rack/attack.rb', line 142

def blacklisted_response
  warn "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead."
  blocklisted_response
end

.blacklisted_response=(res) ⇒ Object 



137
138
139
140
 
# File 'lib/rack/attack.rb', line 137

def blacklisted_response=(res)
  warn "[DEPRECATION] 'Rack::Attack.blacklisted_response=' is deprecated.  Please use 'blocklisted_response=' instead."
  self.blocklisted_response = res
end

.blacklistsObject 



81
82
83
84
 
# File 'lib/rack/attack.rb', line 81

def blacklists
  warn "[DEPRECATION] 'Rack::Attack.blacklists' is deprecated.  Please use 'blocklists' instead."
  blocklists
end

.blocklist(name, &block) ⇒ Object 



39
40
41
 
# File 'lib/rack/attack.rb', line 39

def blocklist(name, &block)
  self.blocklists[name] = Blocklist.new(name, block)
end

.blocklist_ip(ip_address) ⇒ Object 



43
44
45
46
47
 
# File 'lib/rack/attack.rb', line 43

def blocklist_ip(ip_address)
  @ip_blocklists ||= []
  ip_blocklist_proc = lambda { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
  @ip_blocklists << Blocklist.new(nil, ip_blocklist_proc)
end

.blocklisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


96
97
98
99
 
# File 'lib/rack/attack.rb', line 96

def blocklisted?(request)
  ip_blocklists.any? { |blocklist| blocklist.matched_by?(request) } ||
    blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) }
end

.blocklistsObject 



70
 
# File 'lib/rack/attack.rb', line 70

def blocklists; @blocklists ||= {}; end

.cacheObject 



122
123
124
 
# File 'lib/rack/attack.rb', line 122

def cache
  @cache ||= Cache.new
end

.clear!Object 



132
133
134
135
 
# File 'lib/rack/attack.rb', line 132

def clear!
  warn "[DEPRECATION] Rack::Attack.clear! is deprecated. Please use Rack::Attack.clear_configuration instead"
  clear_configuration
end

.clear_configurationObject 



126
127
128
129
130
 
# File 'lib/rack/attack.rb', line 126

def clear_configuration
  @safelists, @blocklists, @throttles, @tracks = {}, {}, {}, {}
  @ip_blocklists = []
  @ip_safelists = []
end

.instrument(request) ⇒ Object 



118
119
120
 
# File 'lib/rack/attack.rb', line 118

def instrument(request)
  notifier.instrument('rack.attack', request) if notifier
end

.safelist(name, &block) ⇒ Object 



30
31
32
 
# File 'lib/rack/attack.rb', line 30

def safelist(name, &block)
  self.safelists[name] = Safelist.new(name, block)
end

.safelist_ip(ip_address) ⇒ Object 



49
50
51
52
53
 
# File 'lib/rack/attack.rb', line 49

def safelist_ip(ip_address)
  @ip_safelists ||= []
  ip_safelist_proc = lambda { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
  @ip_safelists << Safelist.new(nil, ip_safelist_proc)
end

.safelisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


86
87
88
89
 
# File 'lib/rack/attack.rb', line 86

def safelisted?(request)
  ip_safelists.any? { |safelist| safelist.matched_by?(request) } ||
    safelists.any? { |_name, safelist| safelist.matched_by?(request) }
end

.safelistsObject 



68
 
# File 'lib/rack/attack.rb', line 68

def safelists;  @safelists  ||= {}; end

.throttle(name, options, &block) ⇒ Object 



60
61
62
 
# File 'lib/rack/attack.rb', line 60

def throttle(name, options, &block)
  self.throttles[name] = Throttle.new(name, options, block)
end

.throttled?(request) ⇒ Boolean

Returns:

  • (Boolean) 


106
107
108
109
110
 
# File 'lib/rack/attack.rb', line 106

def throttled?(request)
  throttles.any? do |_name, throttle|
    throttle.matched_by?(request)
  end
end

.throttlesObject 



72
 
# File 'lib/rack/attack.rb', line 72

def throttles;  @throttles  ||= {}; end

.track(name, options = {}, &block) ⇒ Object 



64
65
66
 
# File 'lib/rack/attack.rb', line 64

def track(name, options = {}, &block)
  self.tracks[name] = Track.new(name, options, block)
end

.tracked?(request) ⇒ Boolean

Returns:

  • (Boolean) 


112
113
114
115
116
 
# File 'lib/rack/attack.rb', line 112

def tracked?(request)
  tracks.each_value do |track|
    track.matched_by?(request)
  end
end

.tracksObject 



74
 
# File 'lib/rack/attack.rb', line 74

def tracks;     @tracks     ||= {}; end

.whitelist(name, &block) ⇒ Object 



34
35
36
37
 
# File 'lib/rack/attack.rb', line 34

def whitelist(name, &block)
  warn "[DEPRECATION] 'Rack::Attack.whitelist' is deprecated.  Please use 'safelist' instead."
  safelist(name, &block)
end

.whitelisted?(request) ⇒ Boolean

Returns:

  • (Boolean) 


91
92
93
94
 
# File 'lib/rack/attack.rb', line 91

def whitelisted?(request)
  warn "[DEPRECATION] 'Rack::Attack.whitelisted?' is deprecated.  Please use 'safelisted?' instead."
  safelisted?(request)
end

.whitelistsObject 



76
77
78
79
 
# File 'lib/rack/attack.rb', line 76

def whitelists
  warn "[DEPRECATION] 'Rack::Attack.whitelists' is deprecated.  Please use 'safelists' instead."
  safelists
end

Instance Method Details

#call(env) ⇒ Object 



170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
 
# File 'lib/rack/attack.rb', line 170

def call(env)
  env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO'])
  request = Rack::Attack::Request.new(env)

  if safelisted?(request)
    @app.call(env)
  elsif blocklisted?(request)
    self.class.blocklisted_response.call(env)
  elsif throttled?(request)
    self.class.throttled_response.call(env)
  else
    tracked?(request)
    @app.call(env)
  end
end