Rack::Attack in Rails and the Allow2Ban filter

I'm implementing Kickstarter's Rack::Attack in a Rails application. Whitelist/blacklist filtering works fine, but I'm having trouble using Allow2Ban to lock out IP addresses that are hammering my (Devise) sign_in page. Note: I'm testing locally and have removed localhost from the whitelist.
    # Lock out IP addresses that are hammering your login page.
    # After 3 requests in 1 minute, block all requests from that IP for 1 hour.
    Rack::Attack.blacklist('allow2ban login scrapers') do |req|
      # `filter` returns a false value if the request is to your login page (but still
      # increments the count), so requests below the limit are not blocked until
      # they hit the limit. At that point, filter will return true and block.
      Rack::Attack::Allow2Ban.filter(req.ip, :maxretry => 3, :findtime => 1.minute, :bantime => 1.hour) do
        # The count for the IP is incremented if the return value is truthy.
        # The path must match the route the Devise sign-in form actually POSTs to
        # (compare with `rake routes`).
        req.path == '/sign_in' and req.post?
      end
    end
The Rack::Attack documentation explicitly states that the throttle feature requires a cache, i.e.:

    Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |req|

but it doesn't say whether this also applies to Allow2Ban. Does anyone know whether Allow2Ban needs a cache, or whether I've implemented the code above correctly for the Devise sign_in page?
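The following is an added illustration, not code from the question or from the rack-attack gem: a minimal re-implementation of Allow2Ban's counting contract on top of a pluggable key/value store. It shows why the lockout depends on a store that persists between requests: with a store that forgets (the effect of running without a cache), the retry count never reaches maxretry and no IP is ever banned. MemoryStore, NullStore, MiniAllow2Ban and replay_logins are hypothetical names.

```ruby
# Added illustration, not the question's code or the rack-attack gem: the
# store classes and MiniAllow2Ban below are hypothetical stand-ins.

# In-memory store with per-key expiry, standing in for Rack::Attack.cache.
class MemoryStore
  def initialize; @data = {}; end
  def read(key)
    val, exp = @data[key]
    val if val && Time.now < exp
  end
  def write(key, val, ttl); @data[key] = [val, Time.now + ttl]; end
  def increment(key, ttl); n = (read(key) || 0) + 1; write(key, n, ttl); n; end
end

# A store that forgets everything between calls: the effect of running with
# no cache (e.g. a null cache store in development).
class NullStore
  def read(_key); nil; end
  def write(_key, _val, _ttl); nil; end
  def increment(_key, _ttl); 1; end
end

class MiniAllow2Ban
  def initialize(store); @store = store; end

  # Same contract as Rack::Attack::Allow2Ban.filter: returns true when the
  # discriminator is banned (block the request), false otherwise. The block
  # decides whether this request counts towards maxretry.
  def filter(discriminator, maxretry:, findtime:, bantime:)
    return true if @store.read("allow2ban:ban:#{discriminator}")
    return false unless yield
    count = @store.increment("allow2ban:count:#{discriminator}", findtime)
    return false if count < maxretry
    @store.write("allow2ban:ban:#{discriminator}", 1, bantime)
    true
  end
end

# Replay n POSTs to /sign_in from one constructed IP; returns one
# block/allow decision (true = blocked) per request.
def replay_logins(store, n, ip: '203.0.113.7')
  ban = MiniAllow2Ban.new(store)
  (1..n).map do
    req = { ip: ip, path: '/sign_in', post: true }   # constructed request
    ban.filter(req[:ip], maxretry: 3, findtime: 60, bantime: 3600) do
      req[:path] == '/sign_in' && req[:post]
    end
  end
end
```

With the persistent store the third POST trips the ban and the fourth is blocked outright; with the forgetting store every request is allowed, which is the symptom of a missing cache.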
Since the filter you configured probably has shared state, I guess you need to turn on caching to test that state during development. Did you try that before asking? – phoet

By the way, does the rack-attack feature require some Linux utilities (fail2ban etc.) to be installed on the server? – bmalets