Sidekiq
Rack::Attack
Our great sponsors
Sidekiq | Rack::Attack | |
---|---|---|
91 | 13 | |
12,940 | 5,482 | |
0.4% | 0.6% | |
8.9 | 7.1 | |
about 13 hours ago | about 2 months ago | |
Ruby | Ruby | |
GNU Lesser General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Sidekiq
-
solid_queue alternatives - Sidekiq and good_job
3 projects | 21 Apr 2024
I'd say Sidekiq is the top competitor here.
-
Valkey Is Rapidly Overtaking Redis
There's something wrong at Redislabs, it took them over a year to get RESP3 rolled out into their hosted service, you'd expect a rollout of that to be a bit quicker when they're the owner of Redis.
It affected us when upgrading Sidekiq to version 7, which dropped support for older Redis, and their Envoy proxy setup didn't support HELLO and RESP3: https://github.com/sidekiq/sidekiq/issues/5594
-
Redis Re-Implemented with SQLite
That depends on how the `maxmemory-policy` is configured, and queue systems based on Redis will tell you not to allow eviction. https://github.com/sidekiq/sidekiq/wiki/Using-Redis#memory (it even logs a warnings if it detects your Redis is misconfigured IIRC).
-
3 one-person million dollar online businesses
Sidekiq https://sidekiq.org/: This one started as an open source project, once it got enough traction, the developer made a premium version of it, and makes money by selling licenses to businesses.
-
Choose Postgres Queue Technology
Sidekiq will drop in-progress jobs when a worker crashes. Sidekiq Pro can recover those jobs but with a large delay. Sidekiq is excellent overall but it’s not suitable for processing critical jobs with a low latency guarantee.
https://github.com/sidekiq/sidekiq/wiki/Reliability
-
We built the fastest CI in the world. It failed
> I'm not sure feature withholding has traditionally worked out well in the developer space.
I think it's worked out well for Sidekiq (https://sidekiq.org). I really like their model of layering valuable features between the OSS / Pro / Enterprise licenses.
-
Exploring concurrent rate limiters, mutexes, semaphores
I was studying Sidekiq's page on rate limiters. The first type of rate limiting mentioned is the concurrent limiter: only n tasks are allowed to run at any point in time. Note that this is independent of time units (e.g. per second), or how long they take to run. The only limitation is the number of concurrent tasks/requests.
- Ask HN: What are some of the most elegant codebases in your favorite language?
- Sidekiq and managing resumable jobs?
-
Organize Business Logic in Your Ruby on Rails Application
The code above isn't idempotent. If you run it twice, it will create two copies, which is probably not what you intended. Why is this important? Because most backend job processors like Sidekiq don't make any guarantees that your jobs will run exactly once.
Rack::Attack
-
Rails Authentication for Compliance
The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend to limit the login attempts to 5 per minute for a username and block the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few post written about rack-attack)
-
4 Essential Security Tools To Level Up Your Rails Security
Rack::Attack
- Huginn’s IP keeps getting blocked by Kickstarter
- rack/rack-attack: Rack middleware for blocking & throttling
-
Rack-attack gem setup to protect Rails and Rack apps from bad clients
Rack middleware for blocking & throttling abusive requests. Protect your Rails and Rack apps from bad clients. Rack::Attack lets you quickly decide when to allow, block, and throttle based on the properties of the request. Using this gem you can save your web application from attacks, we can whitelist IPs, Block requests according to requirements, and many more… Install Rack-attack gem: # In your Gemfile gem 'rack-attack' Enter fullscreen mode Exit fullscreen mode Plugging into the application Then tell your ruby web application to use rack-attack as a middleware. # config/application.rb # rack attack middleware config.middleware.use Rack::Attack Enter fullscreen mode Exit fullscreen mode Once you’ve done that, you’ll need to configure it. You can do this by creating the file, config/initializers/rack-attack.rband adding the rules to fit your needs. You can disable it permanently (like for a specific environment) or temporarily (can be helpful for specific test cases) by writing: Usage Safe listing Safelists have the most precedence, so any request matching a safelist would be allowed despite matching any number of blocklists or throttles. safelist_ip(ip_address_string) Rack::Attack.safelist_ip(“5.6.7.8”) Enter fullscreen mode Exit fullscreen mode safelist_ip(ip_subnet_string) Rack::Attack.safelist_ip(“5.6.7.0/24”) Enter fullscreen mode Exit fullscreen mode safelist(name, &block) Name your custom safelist and make your ruby-block argument return a truthy value if you want the request to be allowed, and false otherwise. Blocking blocklist_ip(ip_address_string) Rack::Attack.blocklist_ip(“1.2.3.4”) Enter fullscreen mode Exit fullscreen mode blocklist_ip(ip_subnet_string) Rack::Attack.blocklist_ip(“1.2.0.0/16”) Enter fullscreen mode Exit fullscreen mode blocklist(name, &block) Name your custom blocklist and make your ruby-block argument return a truthy value if you want the request to be blocked, and false otherwise. Throttling *throttle(name, options, &block) *( provide limit and period as options) Throttle state is stored in a configurable cache (which defaults to Rails.cache if present). Name your custom throttle, provide limit and period as options, and make your ruby-block argument return the discriminator. This discriminator is how you tell rack-attack whether you’re limiting per IP address, per user email, or any other. For example, if we want to restrict requests other than defined routes and display a custom error page. Error page: If we want to restrict requests/IP and if the request limit increases then send a reminder mail. For Example, we want to allow only 300 requests per 30 seconds after that will restrict requests from this IP till the next 30 seconds interval starting. Get error mail if the limit is extended. Performance The overhead of running Rack::Attack is typically negligible (a few milliseconds per request), but it depends on how many checks you’ve configured, and how long they take. Throttles usually require a network roundtrip to your cache server(s), so try to keep the number of throttle checks per request low. If a request is blocklisted or throttled, the response is a very simple Rack response. A single typical ruby web server thread can block several hundred requests per second. Sample rack-attack.rb file For more information: https://github.com/rack/rack-attack If this guide has been helpful to you and your team please share it with others!
-
Limiting the amount of calls user can make to an api
Second vote for rack-attack!
-
Devise and email spam?
You could use something like Rack Attack to mitigate this type of behavior if it becomes an issue.
-
10 things I add to every Rails app
The final gem I like to include in all projects is rack-attack. This is a rate limiting tool which is great for throttling dangerous actions in your app to prevent bot attacks or other malicious users.
-
Rails application boilerplate for fast MVP development
rack-attack to prevent bruteforce and DDoS attacks
-
How to prevent scraping/copying data?
Check out Rack Attack. It lets you block bots that make requests too fast to be real users, or that request obviously-suspect URLs (/phpmyadmin for example). There are lots of other options, but those are the quick wins IMO.
What are some alternatives?
Resque - Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later.
Metasploit - Metasploit Framework
Sneakers - A fast background processing framework for Ruby and RabbitMQ
Rack::Protection - NOTE: This project has been merged upstream to sinatra/sinatra
Shoryuken - A super efficient Amazon SQS thread based message processor for Ruby
rspec-rails - RSpec for Rails 6+
Sucker Punch - Sucker Punch is a Ruby asynchronous processing library using concurrent-ruby, heavily influenced by Sidekiq and girl_friday.
Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
Apache Kafka - Mirror of Apache Kafka
BeEF - The Browser Exploitation Framework Project
celery - Distributed Task Queue (development branch)
Gitrob - Reconnaissance tool for GitHub organizations