Release 1755
Trello card
Context
We want to protect the app from hostile bots that pollute our database with spam and can also cause DDoS attacks.
Changes proposed in this pull request
Add Fail2Ban to ban hostile bots and Rack::Attack to throttle requests to transaction endpoints.
The ban is set to 5 minutes per IP and the throttling to 5 requests per IP.
If a user encounters a rate limit, the app will redirect the request to a 'Too many requests' error page.
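A dependency-free model of the throttle-then-ban behaviour described above, added here as an illustration; it is not this pull request's code and not Rack::Attack itself. The 60-second window, the three-strike threshold, the `/transactions` prefix and the class name are assumptions, and the model answers 429 directly rather than redirecting to an error page.

```ruby
# Dependency-free Rack-style middleware modelling per-IP throttle plus temporary ban.
# From the PR: 5 requests per IP, 5-minute ban. Everything marked "assumed" is not.
class ThrottleAndBan
  LIMIT = 5                # requests per IP per window (PR)
  BAN_SECONDS = 300        # ban length (PR)
  WINDOW = 60              # assumed: window length in seconds
  STRIKES = 3              # assumed: throttled requests before a ban
  PREFIX = "/transactions" # assumed: path prefix of the transaction endpoints

  def initialize(app, clock: -> { Time.now.to_i })
    @app = app
    @clock = clock          # injectable so the timing can be tested
    @hits = Hash.new(0)     # [ip, window index] => requests seen
    @strikes = Hash.new(0)  # ip => throttled requests so far
    @banned_until = {}      # ip => epoch second the ban ends
  end

  def call(env)
    # Behind a proxy REMOTE_ADDR is the proxy; use the trusted client IP instead.
    ip = env["REMOTE_ADDR"]
    now = @clock.call
    return respond(403, "Forbidden") if @banned_until.fetch(ip, 0) > now
    return @app.call(env) unless env["PATH_INFO"].to_s.start_with?(PREFIX)

    window = now / WINDOW
    @hits.delete_if { |(_, w), _| w < window } # drop expired counters
    return @app.call(env) if (@hits[[ip, window]] += 1) <= LIMIT

    if (@strikes[ip] += 1) >= STRIKES
      @banned_until[ip] = now + BAN_SECONDS
      @strikes.delete(ip)
    end
    respond(429, "Too many requests", "retry-after" => (WINDOW - now % WINDOW).to_s)
  end

  private

  def respond(status, text, extra = {})
    [status, { "content-type" => "text/plain" }.merge(extra), ["#{text}\n"]]
  end
end
```

Strikes in this model never age out and all state lives in one process; Rack::Attack's Fail2Ban filter takes a `findtime` for the former and keeps its counters in a shared cache store for the latter.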