Scenario
    class Rack::Attack
      throttle("req/ip", limit: 1000, period: 1.hour) do |request|
        request.ip
      end
    end
I am looking for a way to reset (clear out) this rule for a specific client.
Workaround
    class Rack::Attack
      # On a throttled request, remember which counter was hit so it can be reset later.
      self.throttled_responder = lambda do |request|
        annotate_session_with_throttled_reset_keys!(request)
        # Rack response bodies must respond to #each, so the message is wrapped in an array.
        [429, { "Content-Type" => "text/plain" }, ["Too many requests, please try again later."]]
      end

      class << self
        private

        # Stores the unprefixed cache key and the throttle period in the client's session.
        def annotate_session_with_throttled_reset_keys!(request)
          name = request.env['rack.attack.matched']
          discriminator = request.env['rack.attack.match_discriminator']
          period = request.env['rack.attack.throttle_data'][name][:period]
          unprefixed_key = "#{name}:#{discriminator}"
          request.session[:throttled_unprefixed_key] = unprefixed_key
          request.session[:throttled_period] = period
        end
      end
    end
Resetting the rule if this client solves a challenge or what not:
    unprefixed_key = session[:throttled_unprefixed_key]
    period = session[:throttled_period]
    Rack::Attack.cache.reset_count(unprefixed_key, period)
It is not entirely clear how to reset a rule-client combination if period is unknown though, say when an admin wants to clear out throttling for a client.
Question
Is there a simpler way to reset a rule for a specific client? Perhaps something not requiring period?