Rails rack attack gem throttle

Question

I don't know why I can not use rack-attack gem Here what I did

Gemfile

gem 'rack-attack'

I ve installed the gem

config/application.rb

config.middleware.use Rack::Attack

initializers/rack-attack.rb

class Rack::Attack

throttle('logins/ip', :limit => 5, :period => 60.seconds) do |req|
  if req.path == '/login' && req.post?
  Rails.logger.error("Rack::Attack Too many login attempts from IP: #{req.ip}")
  req.ip 
  end
end

end

routes.rb

post   'login'   => 'index#create'
root 'index#new'
get 'login' => 'index#new'

I am using Rails 4.2.3 and the rack-attack gem 4.3.0

I wonder what I miss

here too. +1. won't work out of the box in development – Tim Kretschmer Jun 15 '16 at 16:52 — Tim Kretschmer, Jun 15 '16 at 16:52

score 8 · Answer 1 · answered Nov 13 '17 at 15:10

8

make sure you configure cache.store in your initializers/rack-attack.rb file you can configure it like that:

class Rack::Attack
  ...
  cache.store = ActiveSupport::Cache::MemoryStore.new
  ...
end

answered Nov 13 '17 at 15:10

Mosab.Mohamed

111
1
3

Using `Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new` might also work for some – cavpollo May 01 '18 at 20:42

score 0 · Answer 2 · answered Sep 20 '16 at 10:47

0

You may need enable the cache in your development environment

please set config.cache_classes = true in config/environments/development.rb.

answered Sep 20 '16 at 10:47

Yang

389
2
15

1

doesn't work even after enabling cache_class= true in development.rb – user3775217 Feb 28 '17 at 06:25
cache_classes is for class loading, not for the cache store. From Rails documentation: config.cache_classes controls whether or not application classes and modules should be reloaded if they change. Defaults to false in development mode, and true in production mode. In test mode, the default is false if Spring is installed, true otherwise. – sekmo Oct 01 '20 at 09:16

Rails rack attack gem throttle

2 Answers2