Rack::Attack
bullet
Our great sponsors
Rack::Attack | bullet | |
---|---|---|
13 | 27 | |
5,467 | 6,976 | |
0.5% | - | |
7.1 | 7.7 | |
19 days ago | 2 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Rack::Attack
-
Rails Authentication for Compliance
The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend to limit the login attempts to 5 per minute for a username and block the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few post written about rack-attack)
-
4 Essential Security Tools To Level Up Your Rails Security
Rack::Attack
- Huginn’s IP keeps getting blocked by Kickstarter
-
10 things I add to every Rails app
The final gem I like to include in all projects is rack-attack. This is a rate limiting tool which is great for throttling dangerous actions in your app to prevent bot attacks or other malicious users.
-
Rails application boilerplate for fast MVP development
rack-attack to prevent bruteforce and DDoS attacks
-
What is happening once you launch and open a Rails app to the real, wild web
https://github.com/rack/rack-attack#fail2ban
It's entirely normal and expected. If your site gets any traction, volume and sophistication of probing will only increase. I recommend starting by setting up Rack Attack (https://github.com/rack/rack-attack), that will help you block the bad actors for awhile, if the volume gets high enough you'll want to start blocking traffic upstream in reverse proxy or load balancing layer, depending on architecture.
bullet
- What was the name of the gem that finds all unindexed foreign keys?
-
Ban 1+N in Django
Rails has Bullet[0] to help identify and warn you against N+1
Does Django have anything active? Quick search revealed nplusone[1] but its been dead since 2018.
-
Inherited rails app - what the hell are all these rack timeout lines in the log?
Without seeing more of the app, it's tough to say for certain, but one gem you might find helpful is the [bullet](https://github.com/flyerhzm/bullet) gem -- set this up in the app then start browsing around the app in development. If you have any N+1 queries or other minor optimizations that could be done it will inform you about them.
-
A Guide to Memoization in Ruby
Getting rid of N+1 queries - This can help improve the speed of an app. The Bullet or Prosopite gems can give a lending hand here. The N+1 Dilemma — Bullet or Prosopite? entails a brief comparison of both.
-
Understanding N and 1 queries problem
There's a Ruby gem called Bullet that identifies and warns developers about N+1 problems. You can also have it fail tests if detected.
I don't know if the approach is possible with every ORM or if it's just leveraging some Ruby perks, but I can't think of a good reason why you wouldn't use the equivalent everywhere.
-
How do you find the cause of slowness in your app?
This is good advice, it'll likely pick out some glaring issues right away. I would generally recommend looking at DB queries here too and recommend Bullet, but most software like DataDog, AppSignal etc will often also point N+1 and issues like it out.
- What are the main suspects in a really slow Rails app?
-
Best way to learn query optimization?
You could add the bullet gem to your project. It can notify you (in a variety of ways) if your queries can be optimised.
-
My project: railstart app
bullet
-
Prosopite gem a year after its release hits 785 stars! Thanks!
I first posted prosopite in this subreddit a year ago as an alternative to bullet.
What are some alternatives?
prosopite - :mag: Rails N+1 queries auto-detection with zero false positives / false negatives
rack-mini-profiler - Profiler for your development and production Ruby rack apps.
Metasploit - Metasploit Framework
Rack::Protection - NOTE: This project has been merged upstream to sinatra/sinatra
Peek - Take a peek into your Rails applications.
Derailed Benchmarks - Go faster, off the Rails - Benchmarks for your whole Rails app
rspec-rails - RSpec for Rails 6+
Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
benchmark-ips - Provides iteration per second benchmarking for Ruby
BeEF - The Browser Exploitation Framework Project
ruby-prof - A ruby profiler. See https://ruby-prof.github.io for more information.
rack-throttle - Rack middleware for rate-limiting incoming HTTP requests.