authormo khan <mo@mokhan.ca>2014-09-10 20:30:41 -0600
committermo khan <mo@mokhan.ca>2014-09-10 20:30:41 -0600
commit0aa335b1a2ef620bb0f26f519a62fdf059e3f875 (patch)
tree46b2db8c92e453a6a75694b3dd5d981fcb67c018
parenta6005286cad1251f4fa73102b9ce24b9726e00bd (diff)
add rack attack gem.
-rw-r--r--Gemfile1
-rw-r--r--Gemfile.lock3
-rw-r--r--config/application.rb1
-rw-r--r--config/initializers/rack_attack.rb9
4 files changed, 14 insertions, 0 deletions
diff --git a/Gemfile b/Gemfile
index d46e9574..9f51048d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -40,6 +40,7 @@ gem 'mime-types', '~> 1.25.1'
gem 'ejs', '~> 1.1.1'
gem 'js-routes', '~> 0.9.8'
gem 'geoip'
+gem 'rack-attack'
group :development do
gem 'capistrano', '~> 3.0', require: false
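Review bot: The added `gem 'rack-attack'` line carries no version constraint, unlike the `~>`-pinned entries just above it, so a broad `bundle update` can move this request-filtering middleware across major versions without anyone choosing to. Gemfile.lock resolves it to 4.1.0 in this commit. A matching constraint such as `gem 'rack-attack', '~> 4.1'` would keep upgrades to the throttling layer deliberate and reviewable.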
diff --git a/Gemfile.lock b/Gemfile.lock
index 6960e0e1..cae042e8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -217,6 +217,8 @@ GEM
websocket-driver (>= 0.2.0)
polyglot (0.3.5)
rack (1.5.2)
+ rack-attack (4.1.0)
+ rack
rack-test (0.6.2)
rack (>= 1.0)
rails (4.1.4)
@@ -380,6 +382,7 @@ DEPENDENCIES
newrelic_rpm
pg
poltergeist
+ rack-attack
rails (= 4.1.4)
rmagick (~> 2.13.0)
rspec-rails
diff --git a/config/application.rb b/config/application.rb
index abb83090..707af9cf 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -45,5 +45,6 @@ module Cake
:sender_address => %{"notifier" <notifier@cakeside.com>},
:exception_recipients => ENV['EXCEPTION_EMAIL_ADDRESS'].split(" "),
} unless Rails.env.test?
+ config.middleware.use Rack::Attack
end
end
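Review bot: `config.middleware.use Rack::Attack` appends the throttle to the end of the middleware stack, so a request that will be rejected has already passed through every earlier middleware (cookies, session, parameter parsing) before the limit is checked. If the aim is to shed excess traffic cheaply, consider placing it earlier, for example `config.middleware.insert_before ActionDispatch::ParamsParser, Rack::Attack`, after confirming the resulting order with `rake middleware`. The line also sits outside the `unless Rails.env.test?` guard above it, so the limit is active in the test environment as well; that may be intended, but request specs that issue bursts from one address could receive throttled responses. The enclosing class body starts outside this hunk.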
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
new file mode 100644
index 00000000..2caa81d4
--- /dev/null
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,9 @@
+# Throttle requests to 5 requests per second per ip
+Rack::Attack.throttle('req/ip', :limit => 5, :period => 1.second) do |request|
+ # If the return value is truthy, the cache key for the return value
+ # is incremented and compared with the limit. In this case:
+ # "rack::attack:#{Time.now.to_i/1.second}:req/ip:#{req.ip}"
+ #
+ # If falsy, the cache key is neither incremented nor checked.
+ request.ip
+end
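Review bot: The block's discriminator, `request.ip`, is only as reliable as the proxy setup in front of the app. Behind a load balancer or reverse proxy, Rack derives it from REMOTE_ADDR and X-Forwarded-For, so clients may end up sharing one bucket or the value may be client-influenced, depending on how forwarding headers are set (not visible in this commit). The counters live in `Rack::Attack.cache.store`, which defaults to `Rails.cache`; if that is a per-process memory store, the 5 req/s limit is enforced per worker rather than per site, so consider assigning a shared store explicitly, e.g. `Rack::Attack.cache.store = <shared cache store>`. Minor: the example key in the comment uses `req.ip` while the block parameter is named `request`; `#{request.ip}` would match the code.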