
Resetting a throttle rule for a specific client #662

Description

@alexsmartens

Scenario

class Rack::Attack
  # Throttle each client to 1000 requests per hour, keyed by its IP address
  throttle("req/ip", limit: 1000, period: 1.hour) do |request|
    request.ip
  end
end

I am looking for a way to reset (clear out) this rule for a specific client.

Workaround

class Rack::Attack
  # Custom 429 responder: record which throttle matched, and for which client,
  # in the session before returning the error response
  self.throttled_responder = lambda do |request|
    annotate_session_with_throttled_reset_keys!(request)

    [429, { "Content-Type" => "text/plain" }, ["Too many requests, please try again later."]]
  end

  class << self
    private

    def annotate_session_with_throttled_reset_keys!(request)
      name = request.env['rack.attack.matched']
      discriminator = request.env['rack.attack.match_discriminator']
      period = request.env['rack.attack.throttle_data'][name][:period]
      # Same "name:discriminator" form Rack::Attack.cache uses as the unprefixed key
      unprefixed_key = "#{name}:#{discriminator}"

      request.session[:throttled_unprefixed_key] = unprefixed_key
      request.session[:throttled_period] = period
    end
  end
end

Resetting the rule if this client solves a challenge or whatnot:

# Both values were stored by the throttled responder above
unprefixed_key = session[:throttled_unprefixed_key]
period = session[:throttled_period]
Rack::Attack.cache.reset_count(unprefixed_key, period)

It is not entirely clear how to reset a rule-client combination if the period is unknown, though, say when an admin wants to clear out throttling for a client.

Question

Is there a simpler way to reset a rule for a specific client? Perhaps something not requiring the period?
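The following is an added example, not part of the issue above and not rack-attack's own code. It is a pure-Ruby model of how the gem buckets throttle counters, written to show why the period is needed for a reset: the cache key embeds the epoch bucket (now / period) ahead of "name:discriminator", so the same key cannot be rebuilt without the period. Assumptions: the key format mirrors rack-attack's Cache#key_and_expiry; a plain Hash stands in for the Rails cache store; ThrottleRule stands in for Rack::Attack::Throttle, and reset_rule_for_client stands in for an admin tool that would look the period up via Rack::Attack.throttles[name].period instead of the session.

```ruby
# Added example (not rack-attack's own code): a pure-Ruby model of how
# rack-attack buckets throttle counters, showing why reset_count needs the period.
# Assumptions: key format "prefix:(now / period):name:discriminator" mirrors
# rack-attack's Cache#key_and_expiry; the store is a plain Hash standing in for
# the Rails cache; ThrottleRule stands in for Rack::Attack::Throttle.

ThrottleRule = Struct.new(:name, :limit, :period)

class ThrottleCacheModel
  attr_reader :prefix

  def initialize(store = {}, prefix: "rack::attack")
    @store = store
    @prefix = prefix
  end

  # Cache key for a rule/client combination. The epoch bucket (now / period)
  # is part of the key, so the key cannot be derived without the period.
  def key_for(unprefixed_key, period, now)
    "#{prefix}:#{(now / period).to_i}:#{unprefixed_key}"
  end

  # Increment and return the count in the current bucket (what a throttle
  # does on every matching request).
  def count(unprefixed_key, period, now: Time.now.to_i)
    key = key_for(unprefixed_key, period, now)
    @store[key] = @store.fetch(key, 0) + 1
  end

  # Delete the counter for the current bucket (the job Rack::Attack.cache.reset_count does).
  # A wrong period targets a different bucket key and silently leaves the real counter alone.
  def reset_count(unprefixed_key, period, now: Time.now.to_i)
    @store.delete(key_for(unprefixed_key, period, now))
  end

  # Current value without incrementing (for inspection or admin tooling).
  def read(unprefixed_key, period, now: Time.now.to_i)
    @store.fetch(key_for(unprefixed_key, period, now), 0)
  end
end

# Admin-side reset that does not rely on the session: the period comes from the
# rule definition looked up by name (hypothetical helper; with the real gem the
# lookup would be Rack::Attack.throttles[rule_name].period).
def reset_rule_for_client(cache, throttles, rule_name, discriminator, now: Time.now.to_i)
  rule = throttles.fetch(rule_name) { raise ArgumentError, "unknown throttle #{rule_name.inspect}" }
  cache.reset_count("#{rule_name}:#{discriminator}", rule.period, now: now)
end

if __FILE__ == $PROGRAM_NAME
  throttles = { "req/ip" => ThrottleRule.new("req/ip", 1000, 3600) }
  cache = ThrottleCacheModel.new
  now = 1_700_000_000                      # fixed clock so the bucket is deterministic
  client = "req/ip:203.0.113.7"            # constructed sample: rule name + client IP
  3.times { cache.count(client, 3600, now: now) }
  puts cache.read(client, 3600, now: now)  # 3
  reset_rule_for_client(cache, throttles, "req/ip", "203.0.113.7", now: now)
  puts cache.read(client, 3600, now: now)  # 0
end
```

The model also makes the failure mode visible: calling reset_count with a period that does not match the rule's period computes a key in another bucket and deletes nothing, which is why the session-stored period in the workaround above has to be exactly the rule's configured period.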
