Skip to content

Demo application for the talk titled The Barbican given at the Arlington Ruby meetup.

Notifications You must be signed in to change notification settings

bencarle/barbican-arlington

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The Barbican

This is the sample application from the talk The Barbican about using Kickstarter'sRack::Attack to throttle malicious requests to a Rails API.

See the slides from the talk for reference.

Demo app setup instructions

Rails app

Create a new Rails application

rails new barbican-arlington --database=postgresql

Change directory and set Ruby version

cd barbican-arlington
echo 'ruby "2.4.1"' >> Gemfile

GitHub

Initial Git commit

git add .
git commit -m "Initial commit"

Create a repository on GitHub

barbican-arlington

Push the app to GitHub

git remote add origin https://github.com/USERNAME/barbican-arlington.git
git push -u origin master

Heroku

Create a Heroku app

heroku create

Deploy the app to Heroku

git push heroku master

Open your app

heroku open

Setup a target

Create a Targets controller

rails generate controller Targets index create

Setup resource routes

resources :targets, only: [:index, :create]

Remove CSRF protection from TargetsController

skip_before_action :verify_authenticity_token

Protect the target

Add the rack-attack gem to the Gemfile

gem 'rack-attack'

Install dependencies

bundle install

Tell your app to use the Rack::Attack middleware in config/application.rb

config.middleware.use Rack::Attack

Turn on caching in dev

rails dev:cache

Add config/initializers/rack-attack.rb

class Rack::Attack
end

Add throttling

throttle('req/ip', :limit => 10, :period => 1.minutes) do |req|
  req.ip
end

Add throttling for non-GET requests (POST, PATCH, PUT, DELETE)

throttle('req/ipnonget', :limit => 3, :period => 1.minutes) do |req|
  req.ip unless req.get?
end

Extras

Redis

Add Redis to Gemfile

gem 'redis-rails'

Set development cache store to Redis in development.rb

config.cache_store = :redis_store, 'redis://localhost:6379/0'

Set production cache store to Redis in productino.rb

config.cache_store = :redis_store, ENV['REDIS_URL']
Sponsored by

FullStack Labs

About

Demo application for the talk titled The Barbican given at the Arlington Ruby meetup.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published