This is the sample application from the talk "The Barbican", which covers using Kickstarter's Rack::Attack to throttle malicious requests to a Rails API.
See the slides from the talk for reference.
rails new barbican-arlington --database=postgresql
cd barbican-arlington
echo 'ruby "2.4.1"' >> Gemfile
git add .
git commit -m "Initial commit"
barbican-arlington
git remote add origin https://github.com/USERNAME/barbican-arlington.git
git push -u origin master
heroku create
git push heroku master
heroku open
rails generate controller Targets index create
resources :targets, only: [:index, :create]
# Turns off Rails' CSRF token check for this controller so the sample API accepts
# POSTs that carry no authenticity token.
# NOTE(review): with this check off, nothing stops another site from driving
# requests through a visitor's browser; that is only acceptable if the endpoint
# never relies on cookie/session authentication. Confirm before reusing.
skip_before_action :verify_authenticity_token
gem 'rack-attack'
bundle install
config.middleware.use Rack::Attack
rails dev:cache
# Reopens Rack::Attack so rules can be declared with its class-level DSL.
# NOTE(review): `throttle` is a Rack::Attack class method, so the throttle rules
# presumably belong inside this class body. Confirm against the initializer.
class Rack::Attack
end
# Rule 'req/ip': count every request against the client's IP address and allow
# at most 10 per one-minute window; requests over the limit are rejected by
# rack-attack (HTTP 429 unless the throttled response is customised).
# NOTE(review): req.ip is derived by Rack from the connection address and the
# forwarding headers. Behind a load balancer or Heroku's router, confirm it
# resolves to the real client and not to the proxy or a client-supplied header
# value; otherwise all users share one bucket or the limit can be sidestepped.
throttle('req/ip', limit: 10, period: 1.minutes) { |req| req.ip }
# Rule 'req/ipnonget': a tighter budget of 3 per minute per IP for every request
# whose method is not GET (POST, PUT, DELETE, HEAD, ...). Returning nil from the
# block tells rack-attack not to count the request under this rule, so GETs are
# limited only by whatever other rules apply to them.
throttle('req/ipnonget', limit: 3, period: 1.minutes) do |req|
  next if req.get?

  req.ip
end
gem 'redis-rails'
# Rack::Attack keeps its throttle counters in Rails.cache unless told otherwise,
# so the limits only take effect once a working cache store is configured.
# This URL points at a local Redis, database 0, with no password in it.
# NOTE(review): fine for development as long as that Redis listens on localhost
# only. Confirm it is not reachable from the network.
config.cache_store = :redis_store, 'redis://localhost:6379/0'
# Reads the Redis location from the environment, which keeps the connection
# string (it may embed a password) out of source control. Every app process must
# share this store for the per-IP counters to add up across processes.
# NOTE(review): ENV['REDIS_URL'] is nil when the variable is unset; verify how
# the store behaves then, since throttling silently depends on it being reachable.
config.cache_store = :redis_store, ENV['REDIS_URL']