How does rails rack-attack throttle work?

1.3k Views Asked by hackrnaut At 25 October 2016 at 19:01

Say I have a throttle like this:

throttle('emails/ip', :limit => 5, :period => 24.hours) do |req|
  if req.path == '/users/check_email_availability' && req.post?
    req.ip
  end
end

What happens if someone keeps trying to access that link after they are throttled? Will they be blocked for another 24 hours? Or will the gem only be looking at their last 5 requests? When do they become unthrottled?

Original Q&A

There are 1 best solutions below

slowjack2k On 25 October 2016 at 20:27

Every request, for which you return a truthy value, is cached with a timestamp, even when a request is blocked. To determine if a request is blocked or not rack-attack counts the requests within :period time range.

So rack-attack does not block for :period. Instead it counts all requests within :period and if this count is larger than :limit, the request is blocked.

How does rails rack-attack throttle work?

There are 1 best solutions below

Related Questions in RUBY-ON-RAILS

Related Questions in RUBY

Related Questions in RACKATTACK

Trending Questions

Popular # Hahtags

Popular Questions