
How can I see what `Rack::Protection` is doing with a Sinatra server?

I have a Sinatra server in an AWS environment with a load balancer between the client and the server.

Unless I do something like:

disable :protection

it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.

I am expecting to see something like:

attack prevented by Rack::Protection::<Something>

I have:

enable :logging

and:

-e development

but can't get any feedback from Rack::Protection on why it is applying a rule.

I have tried this:

def self.log_rack_protection(namespace = nil, data = nil)
  puts "rack data: #{data.pretty_inspect}"
end
use Rack::Protection, instrumenter: log_rack_protection

but it doesn't seem to be called except on startup.

What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?

While I did not work out how to get better logging, I did work out that doing this:

set :protection, :except => [:json_csrf]

stopped the 'Forbidden' message on a client-side redirect in the scenario described in the question.
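
As an added example (not part of the original question or answer), here is one object that can be handed to Rack::Protection as both instrumenter and logger, so the blocking module is recorded together with the headers a load balancer tends to change. It assumes Rack::Protection calls `instrument('rack.protection', env)` on the `:instrumenter` object, with the module name in `env['rack.protection.attack']`, and calls `warn(message)` on the `:logger` object; `ProtectionTrace`, `TRACE` and the sample values are hypothetical.

```ruby
# Added example. Assumed interface: Rack::Protection calls
# instrumenter.instrument('rack.protection', env) and logger.warn(message).
class ProtectionTrace
  attr_reader :events

  # Request fields worth comparing when a load balancer sits in front.
  KEYS = %w[REQUEST_METHOD PATH_INFO HTTP_HOST HTTP_REFERER HTTP_ORIGIN
            HTTP_X_FORWARDED_HOST HTTP_X_FORWARDED_PROTO].freeze

  def initialize(out = $stderr)
    @out = out
    @events = []
  end

  # Instrumenter side: the module name is read from the Rack env.
  def instrument(namespace, env)
    fields = KEYS.each_with_object({}) { |k, h| h[k] = env[k] if env[k] }
    name = env['rack.protection.attack']&.to_s&.downcase
    record(source: namespace, module: name, request: fields)
  end

  # Logger side: pull the class name out of "attack prevented by ...".
  def warn(message)
    name = message.to_s[/Rack::Protection::(\w+)/, 1]
    record(source: 'logger', module: name&.downcase, message: message.to_s)
  end

  private

  def record(event)
    @events << event
    @out.puts "rack-protection: #{event.inspect}"
    event
  end
end

# Hypothetical Sinatra wiring. Pass the object itself: writing
# `instrumenter: some_method` calls the method once while the class loads.
#   TRACE = ProtectionTrace.new
#   set :protection, instrumenter: TRACE, logger: TRACE

if __FILE__ == $PROGRAM_NAME
  # Constructed sample env, standing in for a blocked request.
  env = { 'rack.protection.attack' => 'jsoncsrf', 'PATH_INFO' => '/login',
          'HTTP_HOST' => 'app.internal.example', 'HTTP_REFERER' => 'https://www.example.com/' }
  ProtectionTrace.new.instrument('rack.protection', env)
  ProtectionTrace.new.warn('attack prevented by Rack::Protection::JsonCsrf')
end
```

Once the module is identified, `:except` can be limited to that one module, as the answer does with `:json_csrf`.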
