Rack::Attack
Rack middleware for blocking & throttling (by rack)
SecureHeaders
Manages application of security headers with many safe defaults (by github)
| | Rack::Attack | SecureHeaders |
|---|---|---|
| Mentions | 13 | 2 |
| Stars | 5,467 | 3,121 |
| Growth | 0.5% | 0.1% |
| Activity | 7.1 | 4.2 |
| Last commit | 19 days ago | 7 months ago |
| Language | Ruby | Ruby |
| License | MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Rack::Attack
Posts with mentions or reviews of Rack::Attack. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-28.
- Rails Authentication for Compliance: The first line of defense should be to put rate limiting on your login endpoints. rack-attack can help with that. I recommend limiting login attempts to 5 per minute for a username and blocking the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few posts written about rack-attack.)
- 4 Essential Security Tools To Level Up Your Rails Security: Rack::Attack
- Huginn's IP keeps getting blocked by Kickstarter
- 10 things I add to every Rails app: The final gem I like to include in all projects is rack-attack. This is a rate-limiting tool which is great for throttling dangerous actions in your app to prevent bot attacks or other malicious users.
- Rails application boilerplate for fast MVP development: rack-attack to prevent brute-force and DDoS attacks
- What is happening once you launch and open a Rails app to the real, wild web: https://github.com/rack/rack-attack#fail2ban It's entirely normal and expected. If your site gets any traction, the volume and sophistication of probing will only increase. I recommend starting by setting up Rack Attack (https://github.com/rack/rack-attack); that will help you block the bad actors for a while. If the volume gets high enough you'll want to start blocking traffic upstream in the reverse proxy or load balancing layer, depending on architecture.
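The login-throttling policy described in the posts above (5 attempts per minute per username, then a 30-minute block of the offending IP, in the spirit of rack-attack's fail2ban helper) can be modelled in a few lines of plain Ruby. The middleware below is an added illustration, not code from the rack-attack project or from any of the quoted posts, and it deliberately does not depend on the gem so it runs stand-alone. The `/login` path, the `rack.login_username` env key (in a real app you would read the username from the request parameters), the injected clock, and the sample IPs and usernames are all assumptions made for the demo.

```ruby
# Added illustration of a login-throttling policy: at most MAX_ATTEMPTS login
# POSTs per username per WINDOW seconds; exceeding it bans the client IP for
# BAN_SECONDS on every path. Self-contained model; does NOT use the rack-attack gem.
class LoginThrottle
  LOGIN_PATH   = "/login"   # assumed login endpoint
  MAX_ATTEMPTS = 5          # attempts allowed per username inside the window
  WINDOW       = 60         # seconds (5 per minute, as the post recommends)
  BAN_SECONDS  = 30 * 60    # IP block duration once the limit is exceeded

  # clock is injectable so the policy can be tested deterministically
  def initialize(app, clock: -> { Time.now.to_i })
    @app    = app
    @clock  = clock
    @counts = Hash.new { |h, k| h[k] = [] }  # username => [attempt timestamps]
    @banned = {}                             # ip => ban expiry (epoch seconds)
  end

  def call(env)
    now = @clock.call
    ip  = env["REMOTE_ADDR"]
    return blocked_response if banned?(ip, now)   # ban applies to every path

    if env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == LOGIN_PATH
      # Assumed: the caller stores the submitted username in this env key.
      user = env.fetch("rack.login_username", "").downcase
      unless user.empty?
        stamps = @counts[user]
        stamps.reject! { |ts| ts <= now - WINDOW }  # forget attempts outside the window
        stamps << now
        if stamps.size > MAX_ATTEMPTS
          @banned[ip] = now + BAN_SECONDS         # fail2ban-style block of the source IP
          return throttled_response
        end
      end
    end
    @app.call(env)
  end

  # True while the IP's ban is still in force; expired bans are cleaned up here.
  def banned?(ip, now)
    expiry = @banned[ip]
    return false unless expiry
    return true if now < expiry
    @banned.delete(ip)
    false
  end

  private

  def throttled_response
    [429, { "content-type" => "text/plain" }, ["Too many login attempts, retry later\n"]]
  end

  def blocked_response
    [403, { "content-type" => "text/plain" }, ["Forbidden\n"]]
  end
end

# Drives the middleware with constructed events [time, ip, username] and returns
# the HTTP status of each simulated login POST, without needing a web server.
def run_scenario(events)
  t = 0
  mw = LoginThrottle.new(->(_env) { [200, {}, ["ok"]] }, clock: -> { t })
  events.map do |time, ip, user|
    t = time
    mw.call("REQUEST_METHOD" => "POST", "PATH_INFO" => "/login",
            "REMOTE_ADDR" => ip, "rack.login_username" => user).first
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: six rapid attempts on "alice" from one IP, then a retry
  # after the 30-minute ban has expired. Documentation IPs (203.0.113.0/24) only.
  demo = (0..6).map { |i| [i, "203.0.113.7", "alice"] } + [[1806, "203.0.113.7", "alice"]]
  puts run_scenario(demo).inspect
end
```

Two design points worth noting: the counter is keyed by username, so an attacker rotating source IPs against one account still trips the limit, while the ban is keyed by IP, so one banned client cannot lock a legitimate user out from elsewhere. The in-memory hashes are per process; a real deployment (which is exactly what rack-attack gives you) keeps these counters in a shared cache such as Redis so every app server sees the same state.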
SecureHeaders
Posts with mentions or reviews of SecureHeaders. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-31.
- 4 Essential Security Tools To Level Up Your Rails Security: The secure_headers gem will automatically apply several headers that are related to security. This includes:
- Rails application boilerplate for fast MVP development: add secure_headers
What are some alternatives?
When comparing Rack::Attack and SecureHeaders you can also consider the following projects:
- Metasploit - Metasploit Framework
- Rack::Protection - NOTE: This project has been merged upstream to sinatra/sinatra
- rspec-rails - RSpec for Rails 6+
- BeEF - The Browser Exploitation Framework Project
- Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF-8 characters in request URI and headers.
- rack-throttle - Rack middleware for rate-limiting incoming HTTP requests.
- Rack::ContentSecurityPolicy
- Gitrob - Reconnaissance tool for GitHub organizations
- Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications