block clients sending many POST requests

2015-10-05 18:19:15 +02:00 · 2015-10-05 18:19:15 +02:00 · 1bec0c1332
commit 1bec0c1332
parent e218b13073
1 changed files with 10 additions and 0 deletions
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@ -35,6 +35,16 @@ class Rack::Attack
     end
  end

+  ####
+  # Ban based on: IP address or access token
+  # Ban time:     1 hour
+  # Ban after:    10 POST requests within 30 seconds
+  blacklist('spamming with POST requests') do |request|
+     Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: 1.hour) do
+       request.post?
+     end
+  end
+
  ###
  # Throttle:  unauthenticated requests - 50 per minute
  # Scoped by: IP address