Rack Attack Throttling

I'm trying to block some bots that are attempting to brute-force authentication on our production server.

This is a Rails 4 app with rack-attack 6.3, and I've configured it like this:

config/initializers/rack_attack.rb

class Rack::Attack

  # Throttle all requests by IP (60rpm)
  #
  # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
  throttle('req/ip', limit: 300, period: 5.minutes) do |req|
    unless req.path.start_with?('/assets')
      Rails.logger.error("Rack::Attack Too many requests from IP: #{req.ip}")
      req.ip
    end
  end

  ### Prevent Brute-Force Attacks ###

  # Throttle any POST requests by IP address
  #
  # Key: "rack::attack:#{Time.now.to_i/:period}:pink/posts/ip:#{req.ip}"
  throttle('pink/posts/ip', limit: 1, period: 2.seconds) do |req|
    if req.post?
      Rails.logger.error("Rack::Attack Too many POSTS from IP: #{req.ip}")
      req.ip
    end
  end

end

But I keep getting millions of requests from the same IP. Am I missing something?

The docs say Rails apps use it by default, so this should be the only configuration needed to enable throttling.

From what I can see in the throttling documentation syntax, the correct way is to call the class method in the initializer, not to do it inside a class definition:

config/initializers/rack_attack.rb

# Throttle all requests by IP (60rpm)
#
# Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
Rack::Attack.throttle('req/ip', limit: 300, period: 5.minutes) do |req|
  unless req.path.start_with?('/assets')
    Rails.logger.error("Rack::Attack Too many requests from IP: #{req.ip}")
    req.ip
  end
end

### Prevent Brute-Force Attacks ###

# Throttle any POST requests by IP address
#
# Key: "rack::attack:#{Time.now.to_i/:period}:pink/posts/ip:#{req.ip}"
Rack::Attack.throttle('pink/posts/ip', limit: 1, period: 2.seconds) do |req|
  if req.post?
    Rails.logger.error("Rack::Attack Too many POSTS from IP: #{req.ip}")
    req.ip
  end
end

So in the end, both the syntax I had and the syntax @wscourge suggested work. The problem is that even though the official docs say Rails apps use it by default, you still need to add the following to application.rb, at least in Rails 4:

config.middleware.use Rack::Attack
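The question and both answers show the rack-attack configuration but never show a throttle actually firing. What follows is an added example, not code from this page or from the rack-attack project: a small pure-Ruby stand-in for the throttle mechanics (a counter keyed on the time bucket and the discriminator, throttled once the count exceeds the limit) with the two rules above replayed against a constructed bot session. It assumes a Rack-style env hash, an in-memory Hash in place of Rails.cache and an injectable clock; the names MiniThrottle, env_for and simulate are mine. It also makes two caveats visible: the discriminator block is evaluated for every request, so the Rails.logger.error calls in the question fire on every matching request rather than only on throttled ones (log in the throttled response path instead), and the counter lives in a cache store (rack-attack uses Rack::Attack.cache.store, which defaults to Rails.cache), so a cache that does not keep counters between requests never throttles anything.

```ruby
# Added example, not rack-attack's own code: a miniature re-implementation of
# the throttle mechanics behind the two rules above, so their behaviour can be
# exercised without Rails or the rack-attack gem. Assumptions: a Rack-style env
# hash (REQUEST_METHOD, PATH_INFO, REMOTE_ADDR), an in-memory Hash standing in
# for Rails.cache, and an injectable clock so time buckets can be stepped.
class MiniThrottle
  Rule = Struct.new(:name, :limit, :period, :discriminator)

  # The few request helpers the rules use (req.ip, req.path, req.post?)
  class Request
    def initialize(env)
      @env = env
    end

    def ip
      @env['REMOTE_ADDR']
    end

    def path
      @env['PATH_INFO']
    end

    def post?
      @env['REQUEST_METHOD'] == 'POST'
    end
  end

  attr_reader :store

  def initialize(clock:)
    @rules = []
    @store = Hash.new(0) # counter per key; stands in for Rails.cache
    @clock = clock       # lambda returning epoch seconds
  end

  def throttle(name, limit:, period:, &block)
    @rules << Rule.new(name, limit, period, block)
  end

  # Name of the first rule whose limit is exceeded, or nil.
  # Key scheme follows the comments in the question:
  # "rack::attack:#{Time.now.to_i/:period}:#{name}:#{discriminator}"
  def throttled_by(env)
    req = Request.new(env)
    @rules.each do |rule|
      disc = rule.discriminator.call(req)
      next unless disc # nil/false from the block: this rule does not apply
      key = "rack::attack:#{@clock.call / rule.period}:#{rule.name}:#{disc}"
      @store[key] += 1
      return rule.name if @store[key] > rule.limit
    end
    nil
  end

  # Rack-style middleware call: 429 when throttled, otherwise pass through.
  # This is the place to log a throttled request; the discriminator block
  # runs for every request, so a log line there says nothing about throttling.
  def call(env, app)
    rule = throttled_by(env)
    return app.call(env) unless rule
    warn "throttled #{env['REMOTE_ADDR']} by #{rule}"
    [429, { 'Content-Type' => 'text/plain' }, ["Retry later\n"]]
  end
end

def env_for(method, path, ip)
  { 'REQUEST_METHOD' => method, 'PATH_INFO' => path, 'REMOTE_ADDR' => ip }
end

# Replays a constructed bot session against the two rules from the question
# and returns the status code of each step.
def simulate
  now = [1_700_000_000] # mutable clock, stepped below
  t = MiniThrottle.new(clock: -> { now[0] })
  t.throttle('req/ip', limit: 300, period: 300) do |req|
    req.ip unless req.path.start_with?('/assets')
  end
  t.throttle('pink/posts/ip', limit: 1, period: 2) do |req|
    req.ip if req.post?
  end
  app = ->(_env) { [200, {}, ['ok']] }
  bot = '203.0.113.5' # constructed source address
  status = ->(m, p) { t.call(env_for(m, p, bot), app).first }

  results = {}
  results[:first_post]  = status.call('POST', '/login')         # counted, within limit
  results[:second_post] = status.call('POST', '/login')         # same 2 s bucket: throttled
  results[:get_same_ip] = status.call('GET', '/login')          # POST rule does not apply
  results[:asset]       = status.call('GET', '/assets/app.js')  # excluded from req/ip
  now[0] += 2                                                   # next 2 s bucket
  results[:post_after_2s] = status.call('POST', '/login')       # counter starts over
  results
end

puts simulate.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the five statuses, 200, 429, 200, 200 and 200 in that order: the second POST inside the same two-second bucket is the only request the rules reject, a GET from the same address is untouched by the POST rule, asset requests are never counted, and the counter starts over once the clock moves into the next bucket.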