You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have configured an Allow2Ban rule to filter any clients with say, more than 20 requests from the same IP within 5 seconds and block them for 1 hour. Instead of implementing this in production straightaway, we would like to track and monitor the events without really blocking the users first. However, I can't find a rack.attack.match_type for Allow2Ban event. Ideally, we would like to log every single Allow2Ban occurrence and its details. Any pointers? Thanks.
Rack::Attack.track('allow2ban scraper')do |req|
Rack::Attack::Allow2Ban.filter(req.ip,maxretry: 20,findtime: 5.seconds,bantime: 1.hour)dotrueendendActiveSupport::Notifications.subscribe("rack.attack")do |name,start,finish,request_id,req|
# how to filter only the Allow2Ban event?end
The text was updated successfully, but these errors were encountered:
Here's the best approach that comes to mind. It's a little manual...but not too bad.
# Set up a typical blacklist with Allow2Ban filter:Rack::Attack.blacklist('allow2ban scraper')do |req|
result=Rack::Attack::Allow2Ban.filter(req.ip,maxretry: 20,findtime: 5.seconds,bantime: 1.hour)dotrueend# But instead of returning the result of Allow2Ban.filter, we track itifresult# Log it or whateverputs"This request would have been blocked"end# Return false so the request is not blocked.falseend
Then when you're ready to enable it in production, you just delete the extra bit after the Allow2Ban.filter block.
I have configured an Allow2Ban rule to filter any clients with say, more than 20 requests from the same IP within 5 seconds and block them for 1 hour. Instead of implementing this in production straightaway, we would like to track and monitor the events without really blocking the users first. However, I can't find a rack.attack.match_type for Allow2Ban event. Ideally, we would like to log every single Allow2Ban occurrence and its details. Any pointers? Thanks.
The text was updated successfully, but these errors were encountered: