fix safelist

Digital-Repository-of-Ireland · Feb 14, 2025 · dd558e7 · dd558e7
1 parent 69182ed
commit dd558e7
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -16,7 +16,7 @@
 # quickly. If so, enable the condition to exclude them from tracking.
 
 Rack::Attack.safelist_ip(ENV["RACK_ATTACK_SAFELIST"])
-Rack::Attack.safelist_ip(ENV["10.115.0.0/24"])
+Rack::Attack.safelist_ip("10.115.0.0/24")
 
 # Throttle all requests by IP
 #
@@ -34,7 +34,9 @@
 # averaging over a minute -- after bot  attacks costing us money from s3.
 Rack::Attack.throttle('req/ip', limit: 80, period: 1.minutes) do |req|
   req.ip unless (
-                  req.path.start_with?('/assets')
+                  req.path.start_with?('/assets') ||
+                  req.path.start_with?("/images") ||
+                  req.path.start_with?("/iiif")
                  )
 end