dancinglightning said almost 8 years ago on Rails API - Throttling with Rack::Attack :

Very nice. I use it on every app nowadays. Throtteling off course, but also to deal with probes:

Rack::Attack.blacklist('block admin probes') do |req|

  # Request are blocked if the return value is truthy

  block = false

  ["php" , "jsp" , "cgi", "asp", "cfm," "proxy.txt", "soapCaller", "Win32" , "HNAP1" , "w00tw00t",

    "pma" , "mysql" ,"msd" , "MySQL" , "jmx-console" , "ervlet" , "xml" , "cart" ,"install"].each do |no|

    block = true if  req.path.include?(no)

  end

  block

end

 


Login to Comment