Skip to content
This repository

You should use protection!

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 spec
Octocat-spinner-32 .gitignore ignore Gemfile.lock September 30, 2011
Octocat-spinner-32 .travis.yml
Octocat-spinner-32 Gemfile
Octocat-spinner-32 License initial commit May 23, 2011
Octocat-spinner-32 README.md
Octocat-spinner-32 Rakefile
Octocat-spinner-32 rack-protection.gemspec
README.md

You should use protection!

This gem protects against typical web attacks. Should work for all Rack apps, including Rails.

Usage

Use all protections you probably want to use:

# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp

Skip a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp

Use a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp

Prevented Attacks

Cross Site Request Forgery

Prevented by:

  • Rack::Protection::AuthenticityToken (not included by use Rack::Protection)
  • Rack::Protection::FormToken (not included by use Rack::Protection)
  • Rack::Protection::JsonCsrf
  • Rack::Protection::RemoteReferrer (not included by use Rack::Protection)
  • Rack::Protection::RemoteToken
  • Rack::Protection::HttpOrigin

Cross Site Scripting

Prevented by:

  • Rack::Protection::EscapedParams (not included by use Rack::Protection)
  • Rack::Protection::XssHeader (Internet Explorer only)

Clickjacking

Prevented by:

  • Rack::Protection::FrameOptions

Directory Traversal

Prevented by:

  • Rack::Protection::PathTraversal

Session Hijacking

Prevented by:

  • Rack::Protection::SessionHijacking

IP Spoofing

Prevented by:

  • Rack::Protection::IPSpoofing

Installation

gem install rack-protection
Something went wrong with that request. Please try again.