From 1bec0c133292364e3348d891323fd9d467f489f4 Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Mon, 5 Oct 2015 18:19:15 +0200
Subject: [PATCH] block clients sending many POST requests

---
 lib/travis/api/attack.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/travis/api/attack.rb b/lib/travis/api/attack.rb
index d103739e..12c4adb8 100644
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@@ -35,6 +35,16 @@ class Rack::Attack
 end
 end

+ ####
+ # Ban based on: IP address or access token
+ # Ban time: 1 hour
+ # Ban after: 10 POST requests within 30 seconds
+ blacklist('spamming with POST requests') do |request|
+ Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: 1.hour) do
+ request.post?
+ end
+ end
+
 ###
 # Throttle: unauthenticated requests - 50 per minute
 # Scoped by: IP address
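Review bot: The discriminator passed to `Allow2Ban.filter` in the new `blacklist('spamming with POST requests')` block is the bare `request.identifier`. Rack::Attack keys Allow2Ban counters and ban entries on the discriminator, not on the blacklist name. If any other Allow2Ban rule in this class (its body lies outside the hunk) also uses `request.identifier`, the two rules would share one counter and one ban, so a namespaced key such as `"post_spam:#{request.identifier}"` is safer. Once the ban is set the filter returns true before the `request.post?` block runs, so every request from that identifier is rejected for the hour, not only POSTs; the comment header should say so. Because the identifier can be an IP address, clients behind a shared NAT or proxy would be banned together. It is worth confirming that `request.identifier` does not derive the IP from a client-supplied header.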