add Gem rack_attack for prevent attack brute-force
This commit is contained in:
pedong
simon lehericey
parent
cab5b5cd9b
commit
fc8cebd78d
4 changed files with 26 additions and 0 deletions
1
Gemfile
1
Gemfile
|
|
@ -48,6 +48,7 @@ gem 'prawn_rails'
|
|||
gem 'premailer-rails'
|
||||
gem 'puma' # Use Puma as the app server
|
||||
gem 'pundit'
|
||||
gem 'rack-attack'
|
||||
gem 'rack-mini-profiler'
|
||||
gem 'rails'
|
||||
gem 'rails-i18n' # Locales par défaut
|
||||
|
|
|
|||
|
|
@ -434,6 +434,8 @@ GEM
|
|||
pundit (2.0.1)
|
||||
activesupport (>= 3.0.0)
|
||||
rack (2.0.6)
|
||||
rack-attack (6.0.0)
|
||||
rack (>= 1.0, < 3)
|
||||
rack-mini-profiler (1.0.1)
|
||||
rack (>= 1.2.0)
|
||||
rack-oauth2 (1.9.3)
|
||||
|
|
@ -752,6 +754,7 @@ DEPENDENCIES
|
|||
pry-byebug
|
||||
puma
|
||||
pundit
|
||||
rack-attack
|
||||
rack-mini-profiler
|
||||
rails
|
||||
rails-controller-testing
|
||||
|
|
|
|||
|
|
@ -41,5 +41,6 @@ module TPS
|
|||
end
|
||||
|
||||
config.ds_weekly_overview = ENV['APP_NAME'] == 'tps'
|
||||
config.middleware.use Rack::Attack
|
||||
end
|
||||
end
|
||||
|
|
|
|||
21
config/initializers/rack_attack.rb
Normal file
21
config/initializers/rack_attack.rb
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
if ENV['RAILS_ENV'] != 'test'
|
||||
class Rack::Attack
|
||||
throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/users/sign_in' && req.post?
|
||||
req.ip
|
||||
end
|
||||
end
|
||||
|
||||
throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/stats'
|
||||
req.ip
|
||||
end
|
||||
end
|
||||
|
||||
throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
|
||||
if req.path == '/contact' && req.post?
|
||||
req.ip
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in a new issue