Add rack-attack, block one client who's hammering us.

2013-07-09 11:02:38 +02:00 · 2013-07-09 11:02:38 +02:00 · a46488078f
commit a46488078f
parent 64653c0307
3 changed files with 11 additions and 0 deletions
--- a/1
+++ b/1
@ -14,6 +14,7 @@ gem 'sentry-raven',    github: 'getsentry/raven-ruby'
 gem 'yard-sinatra',    github: 'rkh/yard-sinatra'
 gem 'rack-contrib',    github: 'rack/rack-contrib'
 gem 'rack-cache',      '~> 1.2'
+gem 'rack-attack'
 gem 'gh'
 gem 'bunny'
 gem 'dalli'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -193,6 +193,8 @@ GEM
      multi_json (~> 1.0)
      signature (~> 0.1.6)
    rack (1.4.5)
+    rack-attack (2.2.0)
+      rack
    rack-cache (1.2)
      rack (>= 0.4)
    rack-protection (1.5.0)
@ -288,6 +290,7 @@ DEPENDENCIES
  mocha (~> 0.12)
  pry
  puma (= 2.3.1)
+  rack-attack
  rack-cache (~> 1.2)
  rack-contrib!
  rake (~> 0.9.2)
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@ -4,6 +4,7 @@ require 'rack'
 require 'rack/protection'
 require 'rack/contrib'
 require 'rack/cache'
+require 'rack/attack'
 require 'active_record'
 require 'redis'
 require 'gh'
@ -86,6 +87,12 @@ module Travis::Api
          env['travis.global_prefix'] = env['SCRIPT_NAME']
        end

+        use Rack::Attack
+
+        Rack::Attack.blacklist('block client requesting ruby builds') do |req|
+          req.ip == "130.15.4.210"
+        end
+
        use Travis::Api::App::Middleware::ScopeCheck
        use Travis::Api::App::Middleware::Logging
        use Travis::Api::App::Middleware::Metriks