Intrusion is a gem that helps you block objects for IP addresses within your Rails application.

Add it to your Gemfile:

    gem 'intrusion'

then run

    # bundle install
If you want to store the IDS status on object level, create an ids text attribute for the ApplicationRecord you want to protect and migrate, e.g.:

    # rails generate migration add_ids_to_accounts ids:text
    # rails db:migrate

If you need a global IDS on application level, migrate an existing ApplicationRecord or create a new one, for example:

    # rails g model global ids:text
    # rails db:migrate
Then include Intrusion in the model you want to protect:

    class Account < ApplicationRecord
      include Intrusion
    end
Intrusion takes a configure block that allows you to set the threshold for a hard block (defaults to 10):

    class Account < ApplicationRecord
      include Intrusion
      Intrusion.configure do |config|
        config.threshold = 5
      end
    end
It might be a good idea to raise SecurityError whenever something happens that looks like an attack. Then catch and re-raise it in application_controller.rb, for example:

    class ApplicationController < ActionController::Base
      # @account is assumed to be loaded by an earlier before_action
      before_action :allowed_by_ids
      rescue_from SecurityError, with: :hit_ids

      protected

      # Count the hit against the client address, then let the error propagate
      def hit_ids(exception)
        @account.ids_report!(request.remote_ip)
        raise exception
      end

      # Refuse the request outright once the address has reached the threshold
      def allowed_by_ids
        head :unauthorized if @account.ids_is_blocked?(request.remote_ip)
      end
    end
Check whether an address is currently blocked:

    > @account.ids_is_blocked?(request.remote_addr)

Report a suspicious request:

    > @account.ids_report!(request.remote_addr)

The internal counter will be increased. If you do this 10 times, the IP is considered blocked. Modify this threshold in the configure block (see above).

If something really bad happened, you can block immediately:

    > @account.ids_report!(request.remote_addr, true)

For instance, after a successful login, you could reset the counter:

    > @account.ids_unblock!(request.remote_addr)

You are not limited to IP addresses. You may use any keyword, for instance:

    > @account.ids_report!('self')
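As an added illustration (not the gem's own code), the following plain-Ruby module mirrors the API documented above and its counter semantics, so the threshold, hard-block, unblock and arbitrary-keyword behaviour can be exercised without Rails. The JSON serialisation into the ids attribute and the module name IntrusionLike are assumptions made for this example.

```ruby
require 'json'

# Plain-Ruby model of the behaviour this README documents (an assumed
# illustration, not the gem's own code): hit counters keyed by IP address or
# any other keyword, stored as JSON in a text attribute named `ids`, with a
# configurable hard-block threshold that defaults to 10.
module IntrusionLike
  Config = Struct.new(:threshold)

  def self.config
    @config ||= Config.new(10)
  end

  def self.configure
    yield config
  end

  # Counters as a Hash; a nil or empty attribute means no hits recorded yet.
  def ids_state
    ids.nil? || ids.empty? ? {} : JSON.parse(ids)
  end

  # Count one hit for +key+. With +hard+ the key is blocked immediately.
  # Returns whether the key is blocked after this report.
  def ids_report!(key, hard = false)
    state = ids_state
    count = state.fetch(key, 0) + 1
    state[key] = hard ? [count, IntrusionLike.config.threshold].max : count
    self.ids = JSON.generate(state)
    ids_is_blocked?(key)
  end

  def ids_is_blocked?(key)
    ids_state.fetch(key, 0) >= IntrusionLike.config.threshold
  end

  # Forget the key, e.g. after a successful login from that address.
  def ids_unblock!(key)
    state = ids_state
    state.delete(key)
    self.ids = JSON.generate(state)
  end
end

# Stand-in for an ApplicationRecord with an `ids` text column (constructed).
class Account
  include IntrusionLike
  attr_accessor :ids
end
```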
Run the test suite with:

    # ruby -Itest test/intrusion_test.rb
MIT
© 2010 - 2022 Simon Duncombe