RackAttack: use remote ip and test it !

simon lehericey 2019-08-01 17:12:59 +02:00
parent b7f8bb2fea
commit 0f0fecdb25
3 changed files with 67 additions and 5 deletions


@ -1,21 +1,25 @@
if ENV['RAILS_ENV'] != 'test'
if Rails.env.production?
class Rack::Attack
throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do |req|
if req.path == '/users/sign_in' && req.post?
req.ip
req.remote_ip
end
end
throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
if req.path == '/stats'
req.ip
req.remote_ip
end
end
throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
if req.path == '/contact' && req.post?
req.ip
req.remote_ip
end
end
Rack::Attack.safelist('allow from localhost') do |req|
IPService.ip_trusted?(req.remote_ip)
end
end
end
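Review bot: The safelist added at the end of this section exempts a request from every throttle on the strength of `req.remote_ip`, a value normally derived from forwarding headers such as X-Forwarded-For, so the rate limits are only as strong as the proxy trust configuration, which is not visible on this page. I would add a comment above it, `# remote_ip comes from forwarding headers; reliable only while config.action_dispatch.trusted_proxies matches our proxy chain`, and confirm the app cannot be reached other than through those proxies. As far as I know `remote_ip` is not defined on Rack::Attack's own request class, so it presumably comes from one of the other files in this commit; if that helper falls back to another address when the header-derived value is absent, the fallback deserves its own test. The label `'allow from localhost'` does not describe a check done by `IPService.ip_trusted?`, so something like `'allow from trusted ips'` would read better. The `Rack::Attack.` prefix is also redundant inside `class Rack::Attack`, where the throttles already call `throttle` bare.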