From abe35c6fd9b82e8ed550379e893f07c7b080eca2 Mon Sep 17 00:00:00 2001 From: Matchu Date: Tue, 2 Jul 2013 14:10:01 -0700 Subject: [PATCH] throttle pet loads per ip --- Gemfile | 2 ++ Gemfile.lock | 3 +++ config/application.rb | 2 ++ config/initializers/attack.rb | 23 +++++++++++++++++++++++ vendor/cache/rack-attack-2.2.0.gem | Bin 0 -> 12288 bytes 5 files changed, 30 insertions(+) create mode 100644 config/initializers/attack.rb create mode 100644 vendor/cache/rack-attack-2.2.0.gem diff --git a/Gemfile b/Gemfile index ea0d679e..a7c08bbc 100644 --- a/Gemfile +++ b/Gemfile @@ -62,6 +62,8 @@ gem "rest-client", "~> 1.6.7" gem "rails-i18n" +gem 'rack-attack', '~> 2.2.0' + # Needed for the new asset pipeline group :assets do diff --git a/Gemfile.lock b/Gemfile.lock index a24e2b7e..431db003 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -190,6 +190,8 @@ GEM dye (>= 0.1.1) yard (>= 0.6.3) rack (1.4.5) + rack-attack (2.2.0) + rack rack-cache (1.2) rack (>= 0.4) rack-fiber_pool (0.9.2) @@ -325,6 +327,7 @@ DEPENDENCIES openneo-auth-signatory (~> 0.1.0) parallel (~> 0.5.17) patron (~> 0.4.18) + rack-attack (~> 2.2.0) rack-fiber_pool rails (= 3.2.13) rails-i18n diff --git a/config/application.rb b/config/application.rb index 7c1689c2..80cb0467 100644 --- a/config/application.rb +++ b/config/application.rb @@ -50,6 +50,8 @@ module OpenneoImpressItems config.assets.paths << Rails.root.join('app', 'assets', 'fonts') config.assets.precompile << '*.js' config.assets.initialize_on_precompile = false + + config.middleware.insert_after ActionDispatch::Flash, Rack::Attack end end diff --git a/config/initializers/attack.rb b/config/initializers/attack.rb new file mode 100644 index 00000000..e402e99e --- /dev/null +++ b/config/initializers/attack.rb 
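Review bot: In config/application.rb the position of `Rack::Attack` in the middleware stack is load-bearing but undocumented. It is inserted after `ActionDispatch::Flash`, and the `throttled_response` lambda added in config/initializers/attack.rb calls `req.flash`, which presumably needs the session and flash middleware to have run already. A comment on the new line, e.g. `# Must sit below Session/Flash: the throttled response sets flash[:warning]`, would stop someone moving it higher later. The trade-off is that throttled requests still pass through every middleware above this point before being rejected, so the throttle sheds less load than one mounted near the top of the stack. The enclosing class body starts outside the hunk.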
@@ -0,0 +1,23 @@
+Rack::Attack.throttle('pets/ip', limit: 10, period: 1.minute) do |req|
+ Rails.logger.debug "Pets hit? #{req.path.inspect} #{req.ip.inspect}"
+ req.ip if req.path.start_with?('/pets/load')
+end
+
+PETS_THROTTLE_MESSAGE = "We've received a lot of pet names from you " +
+ "recently, so we're giving our servers a break. Try " +
+ "again in a minute or so. Thanks!"
+
+Rack::Attack.throttled_response = lambda do |env|
+ if env['rack.attack.matched'] == 'pets/ip'
+ req = ActionDispatch::Request.new(env)
+ if req.path.end_with?('.json')
+ [503, {}, [PETS_THROTTLE_MESSAGE]]
+ else
+ flash = req.flash
+ flash[:warning] = PETS_THROTTLE_MESSAGE
+ [302, {"Location" => "/"}, [PETS_THROTTLE_MESSAGE]]
+ end
+ else
+ [503, {}, ["Retry later"]]
+ end
+end
\ No newline at end of file
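Review bot: The throttle is keyed on `req.ip`, so the limit is only as accurate as the address Rack derives for the request. If the app runs behind a reverse proxy or load balancer (not visible in this commit), confirm that `req.ip` resolves to the real client rather than the proxy address or a client-supplied forwarding header; otherwise all users share one bucket or the limit can be sidestepped. A comment above the block such as `# Keyed on req.ip: assumes the proxy chain is configured so this is the real client address` would record that assumption. The `Rails.logger.debug` call sits before the path check, so its string is built for every request to the app; the block form `Rails.logger.debug { "Pets hit? ..." }` or moving it under the `/pets/load` condition avoids that. The JSON branch returns `[503, {}, [...]]` with no headers, where `[429, {"Content-Type" => "text/plain", "Retry-After" => "60"}, [PETS_THROTTLE_MESSAGE]]` would tell API clients that they were rate-limited and when to retry.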
diff --git a/vendor/cache/rack-attack-2.2.0.gem b/vendor/cache/rack-attack-2.2.0.gem new file mode 100644 index 0000000000000000000000000000000000000000..9ed7f14e71866b280a6904155eba5e6d3a70e83d GIT binary patch literal 12288 zcmeHtQ;;T1wr$yF7rM+Y+qP}nwr$&Xbs1f@ZFTu8+v>u1{y7(CVjk{&nsX;^%zoLK zxg)VxX0C{gTy|!zMy5utM)VfmApb05{L5HbSwa5h|FVDdOsvf8|EukP#F)8Ra z8b9AQvo^BgiX-`%{rF{Ezc53mb_7$*Zn#mLe?WRDx0N0tnl3vkNo;X-Cz&u}v2Bbm zCxk>RcCuygLTL8!2YocGOjyts{Onz2cAw0wdNlD~S7kzUl68NDvEq#I zpc>+%V`j7iP8dq}kmxARp5;^dV<@QQmT0>VT%8saN&}I8gJ}~J+qx0l3=A5FCu&fR z4B(4{*W&SgmaLa%3#bqC@HBn^Df)CFAYO^EzDsNgtV4*>tuGyx80RibmW^TL;b zp-cTHc#kQBZ5Wo62Os>YXl5v-fdMDq4jRqI@0PYOOTCev+6Fn3hUNC{ut$soxv+u0 z5dxPUlfq*cw7W(R^7piH5gu3tk@uKOm|GXa%l@*^1ru#VIE#wqK)JIK3vUrRRTd?I zI&%w+RNbwL)P-?MLM0?Nrfy-i;POE=HA%r?_xCmJ-O+~G)1{5}f!t#FXE%Swy6gb# zgUJ*)nhSUZZkU7y?K{=Cv7yh9wg@Mcz2=d82QR8)i4d>Ecd_*b7baf^vQ~^%w=GV_iH&kKsUUjRmozB+F|1^Z z$9LpKtBXuqr)1?CP@ADivi1z5c!I4T(G8!hSXV1=o60kd})H3JeipmRS9IuC3;uM+}TG6)Txe_G*+YRMOMa z^U&ZJG+dYJUO0)*FnhK5HrQvBXl~E^aUIXUy>0(;mO{DfHd67?w&~OKvv28XyTWJN zVz=?y^%;Xl6e`GXK5$M z_oSYDN3R5?f`VouxTb#ikiLhj@tk{hyzskI7nxs%v@;gG3w_VcZ?VnTHT5`hJAkAc z&hwbp40^w|w~zdS1~MS21M9vA)w|7jfI}Mz&_|&wf#V+NcnD;34kIPUImn+U9WDDRNA{4o+KLRhk>UrZlPC9jJ!03k)zH)eRWe57EQ?8uW1q)qnxj|@1? 
zQ+QmCUv;84YoE0=2SM?+@}GNrcvBbQ;Rj>jOi04L{iXw%Np)q!c-90_N6P5%jm{_V zh6WTuqco4*w}ZKBM&*Cd6X>oKMb2_czpUOIEuJQzfOE}Mn`YGx_SE0aK5b1=1{xTJg2lLDGi{&Ztl=|>L z;60LSu`-qOU&r^SfYPAFJvb}JDx4R*3bYQkf^S5#kBLGkcU)vZF_dqzqS@qJ8!$F7 zzp8t__()5eJ_1L@h(N z6w2rW(X?mN74#VuY`M^3P{o4z9W6Y7iVX)}Gd5QTN|?l<;PGfgr5!Fw3;;>JmmDi4 zyh8ySY~39JYr=AA5QLJzfv|@n_X^ets;kGV2j32*6vqG58>o;zO?P?@@SbObf!tn| zXJm$ppk@9=%hxo56lMSe7uxJ{+MKJ1O4x08p2i6I`Vbh=yMi$C^?u(X1=hyK^c(k1 ztaEaH#*9*%d7Q&l^os*U?~p2#V@DD0r$XNVu+6aKy*}`lEeX7(K+n9M76fQy%sg$v zcE?$bri-zVAYAQ6Gf{AC04wS(5Et!oHL&u+lWT2a3nk2R%13t*9@Gizo9Mgwfaduo zMayf?X8;@`G|Oc0RvLW6qeh{&*K>7w7GmvgdfUo+co#eH<(1v zynLN;P9ud6y&AOzg0HpA=T{+^ zo3mxE949AUM)0rCUXVy5NUAgE!Le~!&^ZZG{&tYxUPFn&)tXjth@Dt3jHeQ6gg$n@YcU=WH{nQzh2?sOYa2NXb!@01ejnZw zE74vg4!f|Y{nk7@Kt5;*-4st2K;}?p3v8A`v(Os9VfzZujRF>2x^p}O_lJRF$uwjk zeFCqy$9t~_`v%a20^j@IU-w}k9!d#=fym6e*i#A>GK*pEGHC+3>71#~-aiqHA$2lB z5TPK4dcibVm^9IUr6e(vywuWoLeZTf@TS;c_O)pegyGxM_<;o|*sRGtTV1N32iE1{ z#^f2J&RY^wThrsGXOPzRTN%l=lDJumIRy$PNwcl`QT6h@^m|td=_GKis7dFhURWod z(#BlaWT-3%1-WaCram1F3BXd7rz~rPen^2e*++W?`aG5;+nU+x9C_rJ`)izyfdUqJ z%?$d$_}6OD@kuFs@0^8#?XpZ!@>-~f<9sU$U&~rrdi8TG?N>|7b24dl((~+BEh=&% zZ3UW-ypK|x=bbZmGuP^zPT2201-8DHN_TJm7}USiG=068Hh;Y&UJ5vmY_EKwrr0U_ zAS-<_cqRugIaS~qrhRzWtO5xfK7i1~zyNG7Cw&WD&SK36cU6udnS*K@HJA>_NRTsDGYF(vrcj@t{ zTGrJtPjwt%XS1}3(h%>`bg<^Yt|{6?u4Jyh=Tu`7LuV`0(>+?gY>x!caw2;!vb!re z1ti|OVo6X_Xu1(d8DIojeo7@tRbLR&`pL;qc1l%0XlI|MqSR7(*Y;E;iW0ZBLvNR! 
z3e7Fy@>SlYH4m}zRh5fLL~q9WpD#|iM{w%JM2NJ-5l}@nd4Ge zQ?=FksI>bz_JNOB_h;aI6YYGi%&DC4aohGM-a%sbhHRW4VegRRzCqgkmazoyP`N&V zxi#frudybWwl*?Q@I{s#Re9-M`CnSncF%LqeegE9ckCExPYL_Ur4L^L0lO?FBYH8$&Fq6hI%q6 zeE?|bGOH|Zn$L{SIBL2)7tQN`s91gQ#*$Xhu&8*nO&X*i&_}l*eNn}nM2i*X*JH@; zE9LD)aqz1!ME0A|<*T}~M;(DfW$>uD@vTMkF!OkVSmiF>%ILgnWk&z$Q=J7}WMKJe zN3^8(|7MKoHTjDOFR-btu5f@X1Is_KBEc2o| zGrZ~ZDLcw+s;=3o5cUy;k$rLOZ(Cftoccle;oa{xC#2m05AMHqcba!bfqfdlzNEvU zw@ihl@Dc{ZhjC=DMJccJx#$ZbnF23L@a7~h>h@uzd&Ry01nl^IFzE;s8;sNGyrAVf z2>49gcFP?v)_wsLOZMSsOo+ihi)MmLYZCK0{Xl>I2nXby?tlyV&w$L27wc!>({sM< zAyA)RN4*C4`LfHCfV7@dVsLZ}d7J8#bB8>6d4TMYS+SQHG63J-Ql6j)ib15A$egg? zz0Z0p6rk%}$kLQ4#4Eef{lKZPPEKgN-anh-IT?4KZ05<0U1H=73+;dDHsQIKHmWkIbW8l;t2RPVXqy?zv&a1BKtn|&Ald9}^ARcqP zNg>e=G&Z<6OLWPDVJ@X64Gk~&ubJ(}soB^AxLIwx)8L9XjO-au&`1Au$JugUX++=O zIH6(H^ZTnG>XvhgjsSCq60L# zlja=JaSaxeat>XsK&hl5`(>w}T4IQ!y|B}k*R=-x%Id0DH2xgM{L#LB@x`TdnWRX% z+gb!=O4xBVUj*;F{Du$0y!Qh{N_J#3h!}xKg<<4kWh7Nyio^Dv>EhT#awVvR z5aECq9Y-zEUFQJxl%*$Vlt(}UTEq!z-Df&8MH_t%opL`Mmtn=ncF(ww*#FvD1!J&%dIQ}7=6_iE9p9Qd1Ey`RkD&`#UgH^itCC)shgLhnv zP&Lpu0kh2oi-y=~A>V7UrI^Wm52@jqlOlthIo%As+nFM+#)<1Hw_`R45HR5t)+L01 z;0sS-IxQvhekW;T?OR#Wo|eiI69Ei4gsvKrwo=3t)Js)W%8{#bB=m**YAaVJ`G|=K zC&!HT`>AOvIW_uD6nd7NtS^h|l>o90PuZv|xnsPU{T#MAIkH?)5V8?F6>J=n5-pZg zemVrTZL1^-|2@Dh`pOm!-uOpRFx;nfGj&^Zsk8P`$;|c+OB+1!ihUynTh$(KdeXN~ zttLV>QV8}E4by!)|9#z0`MXx*wSsgqt)24L7Y%T+4}x<(muj& z3`dGF-Rn}Vcy9jN&7e@_?;y{-5B&>}wAtUSSBAH(T)&&&mHi3IL#kA<{xkUyz+w=On)iak7A-4$3<{9HkBwD&Mbd zVb&l>!wHH?W|>D=lptB7dCsr>2mt}>Db+4~${5SmVk5Hb*@TpqsI1w9uLxGX=~7?~ z46VPblA&`<&_nka zawLz0>gq^lyWyoaO1)`2B$A-zcf*w|$?4>1{Al6`LE4AJnYyAX2;tG8dTW^zz5Z`~4_H5iNGtc|BZx z9ep21IqjNwnPiNAir{pCx^&Mj(dG+l5~an^21VAQC`0WsKhk7M$l|Pv;(#S;J^9MU zmi~Y%WDFrm16hJQ*@>)=W{cC7#U$#q1-ICu+Tt`4BbHRb3T8DU4l^Is z&e8{e#kv|KB~i+yc&72j=qG_CTWeUX>oU4L5T8IdG1($d%HQ-wp(-Lpy1th~1QIhCll31&Lin9z#a z5m8mY+q3W0#5Z91BTvvMVSS@qVT9T^ut>Q-T`xf!HIxaQ_> zgVFD!lbGKe7^}1xCq)>nRJx`>g2A8_iiAk+Bhx+MJjfGeNYN0bgTS$&r11AWG)z&L 
zl;UoqVx$r-CJ0Z0kcq|2zDCf&eT|9eW6s=NSs_CzsD6lZmsA`xlPppy<~uQufa{75 zvh?mvgo;=qOma_@R0?A}lAkmiibl;xCJY(k?=iOVxz92XU&0Fc!EuE0>T&ti{$hcc z!8GI}gy8Y7R?If;%;asws9NgY8&Qs$o;Pl0q&N>5%J3@a__?<32oP0PSHtiOR13c& zmJu}db9}IH29>E7yFCO;FaynHe3YVcd&zphnNdqshzRu1J*2_(9(4pMkU=4El;-2H z|1qu8sHuEdT{c^xCMRe#tE`Pc40o}aDIsDmvV)px&Uw%>O|2-=&nc10UTDb*nJ!(p z4waS50kK>B6y%Pyr+nriu$7?+)-QT#?~0i+s1X?u#J|-@C-{=VwU56_ z5b$EmdN>wQfsf(4!iKuR9`OcpP-GgR5F;XRj}7Ho9`ph3*egw{K7tkVAIUTlL~4ui zb=gPvEVx7RS+YTtcEU0MtmOU-&dg;=Fr5HmC9`OsfmA3|Wi^^J5PYl#I>s4%QA+sR zd0Ipz1rmAD;0pOD6Jo=4bj4bpy*F9n^@LY>U;kN(R9O0X<`(o6tl6RuL{TLtgUnow zeC=eQm_J@|xWw+R^wGBq%ocwpj9L$n#=NLk`#O`$@gpyy6D0Ywc>IOxJrzjpH6NWoGx}*A)>?}7t+X83%H%mt~#|Cxz>-0vLDUY zZC^KM`ewizeFvAX-JVsTkYh*~RpCJPICuywvd{wC_glTth>aFeeR7N(5=hR&695qp z&J-|wY#sK!o;iAsdLhe1@bsiKI>uKK4W1(>sZKP7Lg6AMtc?NdyJfS%AH6W`>;+bmIs?0oz7>c1O z>zFhaX{kJmlOV**&OMuC%a)+m4|w-_wYN8uBk~)nNF&|V2PT*Kdvq5y4nB5_D%3n> z=BIvJSG#F|^_#Owz%%2HTtV%n2 z!40M?IYU?`)e9ZOBqIEb9Q(@zv|7eNm`e^tooe{Eh@|I2s&GP65H{(If~Dwu1NB8x z)c664X;E&nEr*n@k1Vo%(Dm%06OuOplp-N7`YK{~*ZvHMi^qVtg;wiE#G*SjAYF$#-( zW{VyTbeaceItE2Nw?_y4ISX9(`KWRJ0`8>9eE>lK0hF8;4gw!gim6L~c@ME5~Tb+@v%Hnp3%sa2#Mb@g= zwWkPa<0lMW3%xx1X8m)y(@-%ZsFobkN)@v(b4b(swAGrGLI5STG)z7%;@;bW;?)qF zm>${g7HbVf1i`kt700msNZw66j+@RawcxKF*qnFgBXFa36J_tKKSAnZoFYR=>uTJO zKZD86drD~I#k-9p2o0BT&&Xy)2xXK!@Qy?tFq8XliPX>(b0X*2$9@sLYI+|BK=xfS zSBfRFqX zWK*TlOp*{1Baw{&$h%`ANp^MAlDpY$0t0v+(R|I+qG-c1S`FNrmqpsX6>tqbh&9L1 zUk`W9m-KuV+OuA0G5)#iw12z7H4WN-lBxgD3n79rLxr`x!nM$pZ5ubC%Qks<8Vn|f zhfCFG>6V@xnHrVG=s7!F!)L7QcHHMyG?IRR@rY1V>TUc)jaeCu(##*XH1ojQoebeu zD!D{wlaIkoR)0uv@--R(0>7t&XuJXwx)dhAfJ^oc2S5QBV4pvzqWEmfg%wHw!D+H3 z4Y^isLmSm+yTIdzP@qL*S~C{B`WWuK=Y=%C`?h5xjW%(L8$eU-r=b33oqwVo$61(> z*nk3hzW%(zd2qg$*40&K>bO;;oUHR}ob=bRwb<&c_-a#qQ}6DUN~tqz+|yEUQ;5#7 z_YX<49nCabc57ux_-a+Hpxq4$u-&lOrHpkL0X>9jMXw z%v?m1_R4_bXRUF| ziJNwKRr`isHPctS2oprBje;MXaH-O^EM|y(Lh|QzSe*X8vQPDNceiPKxfp#0!9sAmAl}e# z*{l5{fFL>T_j-Eyy4GAuN%w8+5}Nvay6joA3(IhZ`lS4kX8gG!Iyj&eWunqJxdD#F 
zCDd;{u7%&ETK0xhT?xyw+NB6^}#wSw^r)Hz3D)_ zhAV%M*}f$;Y!1y)uC8^kZi=`j^074E-To&Ce9daO(oe7>iU;R`!e}6=Nxem52`g$B z9fOIN?uu|1S;cmCC!KpC(kx?J`&yDen!?*O-b3*1F(`DLyhwf2j{gvllmVw=WFG)$ z62cL4i%p5>UHgh>T^yzTFsWS;EQPP7=i%F5&r0&?5czR)2Ue)|r%xja*gv#>3G}i& z3Bcwk_l(A`EJEu2O)*g-K2xiO_PW(BbV367en8~Z6<@ApO&hlE6z+?^S4H@Ts{q-B zmjb+?ki+@|*N4BSZqrDIsJI13$2NDAg({SRYZ?UMHg5nf|vn@PF$6SlRxP3;tXG_up{t{!9O1mdK|JE(jz3o=buq2@X$d%gy7X z(7&s_!CA%IgC}#98T7)x=ia5av#WpS-=Qz?zJG)q@b=nk0GoN7D;-ETq-}AAU}nTn z_NWGVY#8xwM)37Cb#_{m+*ngH5xkO2)9%_eOs%S3J;tKu_%T(xug-`ax-Nd#F^5sf zyzU-;nYv7X(ZZdKsXMM_No99fCWmgCS8KE?nX49SFQnIF#q|`;1@7Kh9Y$U539{!T z-gvU>6F!tQnDvl{8QEb)P$Aev``xtKo>_Q}bJZ`{w9DDu&bDF@Q$(_bD4OximuMr} yHz`V5z^fh#@GGygY-k1wEZ=|p2-?w