explaingit

rack/rack-attack

5,730 · Ruby · Audience: developer · Complexity: 2/5 · Setup: moderate

TLDR

Rack::Attack is a Ruby middleware library that protects Rails and Rack web apps from abuse by letting you define rules to safelist trusted clients, block bad IPs, throttle login forms and APIs, and ban repeat offenders for a configurable period.

Mindmap

mindmap
  root((repo))
    Protection modes
      Safelists always allow
      Blocklists always reject
      Throttles rate limit
      Fail2Ban ban after repeated failures
      Allow2Ban ban after a count of allowed requests
    Common targets
      Login forms
      API endpoints
      Known bad IPs
      Internal routes
    Integration
      Rails middleware
      Any Rack framework
      Redis or Rails cache
    Observability
      Custom HTTP responses
      Event hooks for logging

Things people build with this

USE CASE 1

Throttle login form submissions to block brute-force password attacks on a Rails app

USE CASE 2

Block all traffic from a known malicious IP address or IP range automatically

USE CASE 3

Rate-limit API endpoints so a single client cannot hammer the server beyond a set number of requests per minute

USE CASE 4

Ban clients for a configurable period once they repeatedly trigger suspicious request patterns, using Fail2Ban
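An initializer that implements the four use cases above, added here as an example; it is not code from the rack-attack repository. It assumes Rails with rack-attack 6 or newer (which uses `throttled_responder` and `blocklisted_responder`) and the redis gem; the addresses, paths, limits, scanner path list and the `REDIS_URL` variable are placeholders for the example. The login throttle is keyed on the source IP and, separately, on the normalized e-mail, so an attacker rotating IPs still cannot hammer one account. The Fail2Ban ban is finite on purpose: bans expire after `bantime`, and the filter can only see the request, not whether the app would 404 it, so it matches a list of paths only a scanner would probe.

```ruby
# config/initializers/rack_attack.rb  (added example, not the gem's own code)
# Assumes Rails, rack-attack >= 6, the redis gem and REDIS_URL in the environment.
require "ipaddr"
require "json"

class Rack::Attack
  # Counters and ban state must be shared across processes, so use Redis
  # rather than the default Rails.cache when that is a per-process memory store.
  Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: ENV.fetch("REDIS_URL"))

  # Safelists are checked first and win over every rule below.
  safelist("office") { |req| req.ip == "203.0.113.10" }   # placeholder address

  # Use case 2: a known bad IP, and /admin only from the office range.
  blocklist("known bad ip") { |req| req.ip == "198.51.100.7" }

  OFFICE_RANGE = IPAddr.new("203.0.113.0/24")   # placeholder range
  blocklist("admin outside office") do |req|
    req.path.start_with?("/admin") && !OFFICE_RANGE.include?(req.ip)
  end

  # Use case 1: login brute force. Fixed 60 s windows, keyed on IP and on account.
  throttle("logins/ip", limit: 5, period: 60) do |req|
    req.ip if req.path == "/login" && req.post?
  end

  throttle("logins/email", limit: 5, period: 60) do |req|
    if req.path == "/login" && req.post?
      email = req.params["email"].to_s.downcase.strip
      email unless email.empty?
    end
  end

  # Use case 3: per-client API ceiling.
  throttle("api/ip", limit: 60, period: 60) do |req|
    req.ip if req.path.start_with?("/api/")
  end

  # Use case 4: Fail2Ban. Ten probes within 10 minutes ban the IP for one hour.
  blocklist("fail2ban/scanners") do |req|
    Rack::Attack::Fail2Ban.filter("scanners/#{req.ip}", maxretry: 10, findtime: 10.minutes, bantime: 1.hour) do
      %w[/wp-login.php /xmlrpc.php /.env].include?(req.path)   # placeholder probe list
    end
  end

  # Custom responses: JSON 429 with Retry-After computed from the window data.
  self.throttled_responder = lambda do |req|
    match = req.env["rack.attack.match_data"]
    retry_after = match[:period] - (match[:epoch_time] % match[:period])
    [429,
     { "Content-Type" => "application/json", "Retry-After" => retry_after.to_s },
     [{ error: "rate limited", retry_after: retry_after }.to_json]]
  end

  self.blocklisted_responder = ->(_req) { [403, { "Content-Type" => "text/plain" }, ["Forbidden\n"]] }
end

# Observability: log every blocked and throttled request with the rule that matched.
ActiveSupport::Notifications.subscribe(/\A(blocklist|throttle)\.rack_attack\z/) do |name, _start, _finish, _id, payload|
  req = payload[:request]
  Rails.logger.warn("[rack-attack] #{name} rule=#{req.env['rack.attack.matched']} ip=#{req.ip} #{req.request_method} #{req.path}")
end
```

The middleware is inserted by the Railtie, so no `config.middleware.use` line is needed in Rails. Before trusting `req.ip` as a discriminator behind a load balancer, confirm the proxy trust settings, since a spoofed forwarded-for header would otherwise let a client pick its own counter.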

Tech stack

Ruby · Rails · Rack · Redis

Getting it running

Difficulty · moderate · Time to first run · 30 min

Requires a cache store to persist throttle counters and ban state across requests. In Rails this defaults to Rails.cache; a per-process memory store gives every server process its own counters, so multi-process or multi-host deployments should point it at a shared store such as Redis.

No license information is specified in the repository.

In plain English

Rack::Attack is a Ruby library that lets you protect a web application from unwanted or abusive traffic. It works as middleware, meaning it sits in front of your application and inspects incoming requests before they reach your code. You define rules describing which requests to allow, which to block, and which to slow down, and the library enforces those rules automatically.

The three core tools are safelists, blocklists, and throttles, checked in that order. A safelist marks certain requests as always allowed, such as requests from your own office IP address or from authenticated internal users; a safelisted request skips every later rule, so keep safelist conditions tight. A blocklist identifies requests that should always be rejected, such as traffic from a known bad IP or requests hitting a path that should never be publicly accessible. A throttle limits how many requests a client can make within a time window, which is useful for protecting login forms or APIs from being hammered. Each throttle is keyed on a discriminator, the value whose requests are counted, typically the client IP or a normalized account identifier. Two caveats matter in practice. The window is fixed rather than sliding: the counter resets at each period boundary, so a client can fit up to twice the limit into the seconds around a boundary. And behind a proxy or load balancer the IP the middleware sees depends on how forwarded-for headers are trusted; if that trust is misconfigured, an attacker can choose their own discriminator, or every user behind the proxy is throttled as one client.

The library also includes two more advanced patterns called Fail2Ban and Allow2Ban. Fail2Ban tracks requests that match a filter, such as hits on paths only a scanner would request, and blocks the client for a configurable ban time once it has tripped the filter a set number of times within a set window, similar in concept to the Unix tool of the same name; the ban expires after that time rather than lasting forever. Allow2Ban counts matching requests regardless of whether they look suspicious and bans the client once the count passes the threshold.

Rack::Attack is designed for Rails applications but works with any Ruby web framework built on the Rack standard. Rules are written in Ruby and live in an initializer file. Blocked and throttled requests can return customized HTTP responses. The library also emits events that you can hook into for logging or monitoring. State for throttles and ban tracking is stored in a cache, which defaults to Rails.cache but can be configured to use Redis or another store. Installation is through a Gemfile entry. The project includes documentation for common configuration patterns and a test helper for verifying your rules work as expected.
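To make the evaluation order and the counter behaviour described above concrete, here is a small in-memory model written for this page. It is not rack-attack code and does not load the gem; `MiniAttack`, its `Req` struct and the `build_guard` and `replay` helpers are names invented for this example, and the addresses and traffic are constructed. It mirrors the semantics above: safelist, then blocklist, then throttles; fixed-window throttle counters; and a Fail2Ban-style ban after `maxretry` flagged hits within `findtime`, expiring after `bantime`. The boundary scenario shows why a fixed window admits up to twice the limit across a period boundary.

```ruby
# Added example for this page: an in-memory model of rack-attack style rule
# evaluation. Not the gem's code; the names below are this example's own and
# the addresses and traffic are constructed.
class MiniAttack
  Req  = Struct.new(:ip, :verb, :path)   # stand-in for the request object
  Rule = Struct.new(:name, :block)

  def initialize(app, clock:)
    @app = app
    @clock = clock                       # returns epoch seconds; injectable for replay
    @counters = Hash.new(0)              # stands in for Rails.cache / Redis
    @bans = {}                           # discriminator => ban expiry (epoch seconds)
    @safelists, @blocklists, @throttles = [], [], []
  end

  def safelist(name, &blk); @safelists << Rule.new(name, blk); end
  def blocklist(name, &blk); @blocklists << Rule.new(name, blk); end
  def throttle(name, limit:, period:, &blk); @throttles << [Rule.new(name, blk), limit, period]; end

  # Fail2Ban semantics: count requests the filter flags, per discriminator, inside
  # a findtime window; at maxretry the discriminator is banned for bantime seconds.
  # Returns true when the request should be rejected.
  def fail2ban(discriminator, maxretry:, findtime:, bantime:)
    now = @clock.call
    return true if @bans[discriminator].to_i > now   # still banned
    return false unless yield                        # not a suspicious request
    key = "fail2ban:#{now / findtime}:#{discriminator}"
    @counters[key] += 1
    return false if @counters[key] < maxretry
    @bans[discriminator] = now + bantime
    true
  end

  # Evaluation order: safelist, then blocklist, then throttles.
  def call(req)
    return @app.call(req) if @safelists.any? { |r| r.block.call(req) }
    return [403, {}, ["Forbidden"]] if @blocklists.any? { |r| r.block.call(req) }
    now = @clock.call
    @throttles.each do |rule, limit, period|
      discriminator = rule.block.call(req)
      next unless discriminator
      # Fixed window: the bucket index changes every `period` seconds, so the
      # count resets at the boundary instead of sliding.
      key = "throttle:#{now / period}:#{rule.name}:#{discriminator}"
      next unless (@counters[key] += 1) > limit
      return [429, { "Retry-After" => (period - now % period).to_s }, ["Retry later"]]
    end
    @app.call(req)
  end
end

def build_guard(clock)
  guard = MiniAttack.new(->(_req) { [200, {}, ["OK"]] }, clock: clock)
  guard.safelist("office")     { |req| req.ip == "203.0.113.10" }   # constructed addresses
  guard.blocklist("known-bad") { |req| req.ip == "198.51.100.7" }
  guard.throttle("logins/ip", limit: 5, period: 60) do |req|
    req.ip if req.verb == "POST" && req.path == "/login"
  end
  guard.blocklist("fail2ban/scanners") do |req|
    guard.fail2ban("scan/#{req.ip}", maxretry: 3, findtime: 600, bantime: 3600) do
      req.path.end_with?("wp-login.php")   # a path only a scanner would probe here
    end
  end
  guard
end

# Replays constructed traffic through a fresh guard; returns each status code.
def replay(requests, clock)
  guard = build_guard(clock)
  requests.map { |ip, verb, path| guard.call(MiniAttack::Req.new(ip, verb, path)).first }
end

# Six login POSTs from one IP inside a window: five pass, the sixth is throttled.
def scenario_login_burst
  replay(Array.new(6) { ["192.0.2.1", "POST", "/login"] }, -> { 100 })
end

# Fixed-window caveat: 5 requests at t=119 and 5 at t=120 all pass because the
# bucket changes at 120; only the 11th request in that second is throttled.
def scenario_boundary
  now = 119
  guard = build_guard(-> { now })
  login = MiniAttack::Req.new("192.0.2.2", "POST", "/login")
  first = Array.new(5) { guard.call(login).first }
  now = 120
  first + Array.new(6) { guard.call(login).first }
end

# Three scanner probes trip the ban on the third; ordinary requests from that
# IP are refused until bantime elapses.
def scenario_fail2ban
  now = 100
  guard = build_guard(-> { now })
  probe = MiniAttack::Req.new("192.0.2.9", "GET", "/wp-login.php")
  home  = MiniAttack::Req.new("192.0.2.9", "GET", "/")
  probes = Array.new(3) { guard.call(probe).first }
  during = guard.call(home).first
  now += 3601
  [probes, during, guard.call(home).first]
end
```

Run the scenario functions from an `irb` session to see the status sequences; `scenario_boundary` returns ten 200s followed by a 429, which is the burst a fixed window admits and the reason login throttles are usually paired with a per-account key and a short period.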

Copy-paste prompts

Prompt 1
Help me add Rack::Attack to my Rails app to throttle login attempts to 5 per minute per IP address and return a custom 429 JSON response when the limit is hit.
Prompt 2
Using Rack::Attack, write rules that block all requests to /admin from IPs not in my office's allowed range, and log every blocked request to Rails.logger.
Prompt 3
Show me how to configure Rack::Attack's Fail2Ban to block any IP that hits a known scanner path more than 10 times in 10 minutes for one hour, storing state in Redis.
Prompt 4
I want to write RSpec tests for my Rack::Attack rules using its built-in test helper. Show me the setup and write tests that confirm my throttle fires at the right count.

Verify against the repo before relying on details.