Rack::Attack
Sidekiq
| | Rack::Attack | Sidekiq |
|---|---|---|
| Mentions | 13 | 88 |
| Stars | 5,467 | 12,906 |
| Growth | 0.5% | 0.6% |
| Activity | 7.1 | 8.9 |
| Latest commit | 18 days ago | 12 days ago |
| Language | Ruby | Ruby |
| License | MIT License | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Rack::Attack
- Rails Authentication for Compliance
  The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend limiting the login attempts to 5 per minute for a username and blocking the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few posts written about rack-attack)
- 4 Essential Security Tools To Level Up Your Rails Security
  Rack::Attack
- Huginn’s IP keeps getting blocked by Kickstarter
- 10 things I add to every Rails app
  The final gem I like to include in all projects is rack-attack. This is a rate limiting tool which is great for throttling dangerous actions in your app to prevent bot attacks or other malicious users.
- Rails application boilerplate for fast MVP development
  rack-attack to prevent brute-force and DDoS attacks
- What is happening once you launch and open a Rails app to the real, wild web
  https://github.com/rack/rack-attack#fail2ban
  It's entirely normal and expected. If your site gets any traction, the volume and sophistication of probing will only increase. I recommend starting by setting up Rack Attack (https://github.com/rack/rack-attack); that will help you block the bad actors for a while. If the volume gets high enough, you'll want to start blocking traffic upstream in the reverse proxy or load balancing layer, depending on architecture.
Sidekiq
- 3 one-person million dollar online businesses
  Sidekiq (https://sidekiq.org/): This one started as an open source project; once it got enough traction, the developer made a premium version of it and makes money by selling licenses to businesses.
- Choose Postgres Queue Technology
  Sidekiq will drop in-progress jobs when a worker crashes. Sidekiq Pro can recover those jobs but with a large delay. Sidekiq is excellent overall, but it’s not suitable for processing critical jobs with a low latency guarantee.
- We built the fastest CI in the world. It failed
  > I'm not sure feature withholding has traditionally worked out well in the developer space.
  I think it's worked out well for Sidekiq (https://sidekiq.org). I really like their model of layering valuable features between the OSS / Pro / Enterprise licenses.
- Exploring concurrent rate limiters, mutexes, semaphores
  I was studying Sidekiq's page on rate limiters. The first type of rate limiting mentioned is the concurrent limiter: only n tasks are allowed to run at any point in time. Note that this is independent of time units (e.g. per second) or of how long they take to run. The only limitation is the number of concurrent tasks/requests.
- Ask HN: What are some of the most elegant codebases in your favorite language?
- Sidekiq and managing resumable jobs?
  Uses Sidekiq's "fake" testing mode, which will allow you to run the jobs explicitly.
- Organize Business Logic in Your Ruby on Rails Application
  The code above isn't idempotent. If you run it twice, it will create two copies, which is probably not what you intended. Why is this important? Because most backend job processors like Sidekiq don't make any guarantees that your jobs will run exactly once.
  There are several workarounds for this, like the magnificent Acidic Job gem or Sidekiq Pro/Enterprise features around enhanced reliability and unique jobs. Still, if they occur, bugs related to missing jobs and/or job idempotency are hard to track down and even harder to fix.
- Where can I learn to deliver a proper solution?
  I forgot to mention that reading code is also a good way to learn how to write code; it's like inspiration. Check the repos of some gems you like, for example sidekiq (https://github.com/sidekiq/sidekiq/tree/main/lib/sidekiq) or minitest (https://github.com/minitest/minitest/tree/master/lib/minitest).
What are some alternatives?
- Resque - Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later.
- Sneakers - A fast background processing framework for Ruby and RabbitMQ
- Shoryuken - A super efficient Amazon SQS thread based message processor for Ruby
- Sucker Punch - Sucker Punch is a Ruby asynchronous processing library using concurrent-ruby, heavily influenced by Sidekiq and girl_friday.
- Apache Kafka - Mirror of Apache Kafka
- celery - Distributed Task Queue (development branch)
- Delayed::Job - Database based asynchronous priority queue system -- Extracted from Shopify
- good_job - Multithreaded, Postgres-based, Active Job backend for Ruby on Rails.
- Karafka - Ruby and Rails efficient Kafka processing framework
- Que - A Ruby job queue that uses PostgreSQL's advisory locks for speed and reliability.
- RocketJob - Ruby's missing background and batch processing system
- Backburner - Simple and reliable beanstalkd job queue for ruby