如何在机架级别阻止请求?
[英]How to Block Requests at the Rack Level?
问题描述
When running a Rails4 app, I often see bots probing to see whether I'm running a Wordpress site. 
运行Rails4应用程序时,我经常看到机器人正在探究我是否正在运行Wordpress网站。 I expect that they are looking to either create comment spam or looking for Wordpress security vulnerabilities. 我希望他们想要创建评论垃圾邮件或寻找Wordpress安全漏洞。
Here's an example error from the log: 这是日志中的示例错误:
ActionController::RoutingError (No route matches [GET] "/wp-login.php")
What is a simple example of Rack middleware where I could block this http request? 什么是Rack中间件的简单示例,我可以阻止此http请求? How would I name the file and where would it go in the Rails application? 我如何命名文件以及它在Rails应用程序中的位置?
Thank you! 谢谢!
2 个解决方案
解决方案1
8 已采纳 2015-12-07 05:24:24
You can use rack-attack gem to blacklist certain requests and the requests from specific ip addresses as well. 您可以使用rack-attack gem将某些请求和来自特定IP地址的请求列入黑名单。 You can also throttle requests for certain amount of time using this gem. 您还可以使用此gem限制请求一定时间。
Follow the readme from the github documentation to install and setup the gem in your Rails project. 按照github文档中的自述文件在Rails项目中安装和设置gem。
To blacklist certain requests, you can do something like this in the app/config/initializers/rack_attack.rb file: 要将某些请求列入黑名单,您可以在app/config/initializers/rack_attack.rb文件中执行以下操作:
# Block logins from a bad user agent
Rack::Attack.blacklist('block bad UA logins') do |req|
req.path == '/wp-login.php' && req.get? && req.user_agent == 'BadUA'
end
解决方案2
0 2018-12-10 06:13:40
You can use this code below to block all match ".php" using rack-attack gem. 您可以使用下面的代码来阻止使用rack-attack gem的所有匹配“.php”。
blocklist('block/php') do |req|
req.ip if /\S+\.php/.match(req.path)
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.