Improvement on rack-attack configuration #1247
Comments
I'm not sure it's worth safelisting any IPs, most example configurations have an unrealistically attainable throttling limit (limit of 40 hits to a route per minute per IP for example.) Also, if it's possible to be throttled wouldn't we like to find out about it first hand so that the configuration could be modified? What are your thoughts @weiweishi ? Also, should throttling be captured in Rollbar?
Does anyone know how to use ActiveSupport::Notifications? Apparently that's the natural language of rack-attack logging and could be useful Rails knowledge more generally.
Decision is made that we will not be safelisting our staff/student assistant IPs. We will add the configuration for safelisting single IP addresses in the configuration file, so that we can do testing with LAC's OAI harvesting when we find a time to coordinate such testing with them.
And no, @pgwillia, I have not heard of ActiveSupport::Notifications. Looks like something very useful to implement for this, and we can leverage it for other types of application support notifications as well.
Did some benchmarking regarding lookup times of whitelisted IPs using different structures to hold those IPs: array, hash, and btree with a depth of 5. Doing 100,000 requests yields (in seconds):
At 80 whitelisted IPs it would be more efficient to use a btree over an array, but it looks like the hash table is by far the most efficient regardless of the number of IPs.
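The following is an added example and not code from this issue or from the rack-attack project. It is a self-contained Ruby model of the points discussed in the comments above: a safelist of single IPs held in an Array versus a Set (a Hash underneath) with a `Benchmark.realtime` comparison of lookup cost, and a hypothetical in-memory `Throttle` class that counts hits per IP in fixed windows the way `Rack::Attack.throttle(name, limit:, period:)` does, with a listener hook standing in for the `ActiveSupport::Notifications` subscription where a Rollbar report would be sent. The 40 hits per minute limit is the figure quoted in the discussion; the IPs, the `Throttle` class, `benchmark_lookups` and `simulate` are constructed for the example.

```ruby
require "set"
require "benchmark"

# Constructed sample safelist (not from the issue): 80 single IPs, the size at
# which the comment above found an Array scan starts to lose to other structures.
SAFELIST_ARRAY = (1..80).map { |i| "10.0.#{i / 256}.#{i % 256}" }.freeze
SAFELIST_SET   = Set.new(SAFELIST_ARRAY).freeze   # Set is a Hash underneath

def safelisted_array?(ip)
  SAFELIST_ARRAY.include?(ip)   # linear scan: O(n) string compares on a miss
end

def safelisted_set?(ip)
  SAFELIST_SET.include?(ip)     # hash lookup: O(1) on average
end

# Time +iterations+ lookups of an IP that is NOT on the list (the worst case
# for the Array and the common case for ordinary visitors). Returns seconds.
def benchmark_lookups(iterations = 100_000, ip = "192.0.2.1")
  {
    array: Benchmark.realtime { iterations.times { safelisted_array?(ip) } },
    set:   Benchmark.realtime { iterations.times { safelisted_set?(ip) } }
  }
end

# Hypothetical in-memory model of Rack::Attack.throttle(name, limit:, period:):
# a fixed-window counter keyed by throttle name, window number and client IP,
# which is how rack-attack builds its cache keys. Not rack-attack's own code.
class Throttle
  def initialize(name:, limit:, period:)
    @name, @limit, @period = name, limit, period
    @counts = Hash.new(0)
    @subscribers = []
  end

  # Register a listener for throttled requests. rack-attack exposes the same
  # idea through ActiveSupport::Notifications; this is where a Rollbar
  # report would be sent from.
  def on_throttled(&listener)
    @subscribers << listener
  end

  # Returns :safelisted, :allowed or :throttled for one request at epoch +now+.
  def check(ip, now: Time.now.to_i)
    return :safelisted if safelisted_set?(ip)   # safelist is consulted first
    key = "#{@name}:#{now / @period}:#{ip}"      # one counter per window per IP
    @counts[key] += 1
    return :allowed if @counts[key] <= @limit
    @subscribers.each { |s| s.call(name: @name, ip: ip, count: @counts[key], limit: @limit) }
    :throttled
  end
end

# Send +requests+ hits from +ip+ inside a single window with the 40/min limit
# quoted in the discussion. Returns [outcome counts, throttled-event payloads].
def simulate(ip, requests:, limit: 40, period: 60)
  throttle = Throttle.new(name: "req/ip", limit: limit, period: period)
  events = []
  throttle.on_throttled { |payload| events << payload }
  outcomes = Hash.new(0)
  t0 = 1_700_000_000 - (1_700_000_000 % 60)       # constructed, window-aligned start
  requests.times { |i| outcomes[throttle.check(ip, now: t0 + i)] += 1 }
  [outcomes, events]
end

if __FILE__ == $PROGRAM_NAME
  p benchmark_lookups                               # set lookups are far cheaper
  p simulate("198.51.100.7", requests: 45)          # 40 allowed, 5 throttled
  p simulate(SAFELIST_ARRAY.first, requests: 45)    # all safelisted, no events
end
```

Running the file prints the two lookup timings and the outcome of 45 hits in one window from a non-safelisted and a safelisted IP. The safelist check runs before the counter is touched, so a safelisted IP never accumulates a count and never produces a throttled event, which is the behaviour to expect from rack-attack's own safelist as well.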
We have noticed occasionally ERA will give a 429 error message for regular web access as well as OAI harvesting after we introduced rack-attack in #954.
We would like to improve the default configuration:
Resources:
- https://blog.bigbinary.com/2018/05/15/how-to-mitigate-ddos-using-rack-attack.html
- https://github.com/kickstarter/rack-attack