Track Allow2Ban #51

Closed
sushengloong opened this issue Mar 26, 2014 · 1 comment

I have configured an Allow2Ban rule to filter any clients with, say, more than 20 requests from the same IP within 5 seconds and block them for 1 hour. Instead of implementing this in production straightaway, we would like to track and monitor the events without really blocking the users first. However, I can't find a rack.attack.match_type for an Allow2Ban event. Ideally, we would like to log every single Allow2Ban occurrence and its details. Any pointers? Thanks.

Rack::Attack.track('allow2ban scraper') do |req|
  Rack::Attack::Allow2Ban.filter(req.ip, maxretry: 20, findtime: 5.seconds, bantime: 1.hour) do
    true
  end
end

ActiveSupport::Notifications.subscribe("rack.attack") do |name, start, finish, request_id, req|
  # how to filter only the Allow2Ban event?
end

ktheory commented Apr 4, 2014

Good question!

Here's the best approach that comes to mind. It's a little manual...but not too bad.

# Set up a typical blacklist with Allow2Ban filter:
Rack::Attack.blacklist('allow2ban scraper') do |req|
  result = Rack::Attack::Allow2Ban.filter(req.ip, maxretry: 20, findtime: 5.seconds, bantime: 1.hour) do
    true
  end

  # But instead of returning the result of Allow2Ban.filter, we track it
  if result
    # Log it or whatever
    puts "This request would have been blocked"
  end

  # Return false so the request is not blocked.
  false

end

Then when you're ready to enable it in production, you just delete the extra bit after the Allow2Ban.filter block.
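
The monitor-first pattern from the reply above, as an added example that is not part of the original thread and is not Rack::Attack's code: a plain-Ruby stand-in for an Allow2Ban-style filter, replayed over constructed traffic to show which requests a 20-requests-in-5-seconds rule would have blocked. The class name, the `enforce:` flag, the sliding-window counting and the sample IPs are assumptions made for illustration.

```ruby
# Added example: simplified in-memory stand-in for an Allow2Ban-style filter.
# NOT Rack::Attack's implementation; it uses a sliding window for brevity.
class DryRunAllow2Ban
  attr_reader :would_block

  def initialize(maxretry:, findtime:, bantime:, enforce: false)
    @maxretry, @findtime, @bantime, @enforce = maxretry, findtime, bantime, enforce
    @hits = Hash.new { |h, ip| h[ip] = [] } # ip => request times inside the window
    @banned_until = {}                      # ip => time the ban expires
    @would_block = []                       # audit trail for monitor mode
  end

  # Decision for one request: true means "block this request".
  def call(ip, now)
    matched = filter(ip, now)
    @would_block << { ip: ip, at: now } if matched
    @enforce ? matched : false # monitor mode records the match but never blocks
  end

  private
  # True only while the IP is banned. The request that reaches maxretry is
  # still allowed; it starts the ban that applies to later requests.
  def filter(ip, now)
    return true if @banned_until.fetch(ip, 0) > now
    window = @hits[ip]
    window << now
    window.reject! { |t| t <= now - @findtime }
    @banned_until[ip] = now + @bantime if window.size >= @maxretry
    false
  end
end

# Constructed traffic (documentation IPs): [ip, seconds since start].
SCRAPER = "203.0.113.7"
VISITOR = "198.51.100.9"
SAMPLE_REQUESTS = (
  (0...25).map { |i| [SCRAPER, i * 0.1] } +   # 25 requests in 2.5 s
  (0...5).map  { |i| [VISITOR, i * 1.0] } +   # 5 requests in 5 s
  [[SCRAPER, 3700.0]]                         # after the 1 hour ban has expired
).sort_by { |_ip, t| t }

# Replays requests through a guard and returns one decision per request.
def replay(guard, requests)
  requests.map { |ip, t| [ip, t, guard.call(ip, t)] }
end

monitor = DryRunAllow2Ban.new(maxretry: 20, findtime: 5, bantime: 3600)
replay(monitor, SAMPLE_REQUESTS)
monitor.would_block.each { |e| puts "would block #{e[:ip]} at t=#{e[:at]}s" }
```

Constructing the guard with `enforce: true` corresponds to returning the filter's result from the blacklist block instead of `false`.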
