Commit Graph

25 Commits

Author SHA1 Message Date
Igor Wiedler
50b78a1458 Merge branch 'igor-safelist-github-ips' into igor-update-rack-attack 2016-07-05 13:03:05 +02:00
Igor Wiedler
79c14d697e only create/allocate GitHub CIDR object once 2016-07-05 13:02:00 +02:00
Igor Wiedler
d84d3983b8 update rack-attack to 5.0.0.beta1, use safelist/blocklist terminology 2016-07-05 12:58:58 +02:00
Igor Wiedler
a210cf8661 support nil ip 2016-07-05 12:46:32 +02:00
Igor Wiedler
0d90c21dbd require netaddr instead of cidr 2016-07-05 12:39:44 +02:00
Igor Wiedler
e6d7607916 safelist github IP range in Rack::Attack 2016-07-05 12:30:10 +02:00
Igor Wiedler
34fbfc2ccf no longer test against user agent for github rate-limit, since it is not consistently github-camo 2016-07-01 16:27:41 +02:00
Igor Wiedler
0156671fc8 safelist build status image requests coming from github
Currently almost all calls against the API are being rate limited, including
build status images. This leads to common requesters such as GitHub's
camo proxy getting rate limited and receiving a 429 response code.

This patch attempts to allow those requests.
2016-06-29 10:53:27 +02:00
Igor Wiedler
1f56dcc645 replace WHITELIST terminology with SAFELIST 2016-06-29 10:53:27 +02:00
carlad
f51cf1a1d1 update rakefile to allow heroku deployment, update create.rb with api builds rate limit 2016-03-31 16:54:12 +02:00
carlad
49a6bb5d26 add debug to see what request contains 2016-03-31 15:51:44 +02:00
carlad
7e438be4cf remove hard coded request path 2016-03-16 15:20:41 +01:00
Konstantin Haase
bddd9952a7 add ip whitelisting 2015-12-16 15:06:15 +01:00
Konstantin Haase
4f9cb29775 also add a throttle 2015-11-19 19:29:07 +01:00
Konstantin Haase
28ff2f6848 aggressive blocking on /auth/github 2015-11-19 19:24:18 +01:00
Konstantin Haase
cf416e6001 relax GET request throttling 2015-10-13 12:21:08 +02:00
Konstantin Haase
0249140dc8 auto banning: whitelist POST requests for in-browser handshake, on staging only ban for 10 seconds 2015-10-06 11:00:35 +02:00
Konstantin Haase
1bec0c1332 block clients sending many POST requests 2015-10-05 18:19:15 +02:00
Konstantin Haase
e218b13073 be less forgiving with /auth/github requests 2015-10-05 18:16:29 +02:00
carlad
9f2b880f83 increase throttle limit for authenticated requests 2015-09-18 09:58:34 +02:00
Konstantin Haase
e8769dddc5 add missing constant 2015-09-17 15:21:16 +02:00
Konstantin Haase
5e40f33fc1 remove left-overs from inheriting from Rack::Attack 2015-09-17 15:18:48 +02:00
Konstantin Haase
e478c621f2 no more inheritance 2015-09-17 15:13:33 +02:00
Konstantin Haase
dc0da3645a work around strange constant lookup 2015-09-17 15:10:27 +02:00
Konstantin Haase
9303a24595 base throttling on access token if the call is authenticated, rather than on IP address, improve throttling rules 2015-09-17 14:57:50 +02:00