Fix #6 - Rate limit GET reqs to 300/5min, POST to 100/5min

author Eugen Rochko <eugen@zeonfederated.com>

Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)
author Eugen Rochko <eugen@zeonfederated.com>
Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb

index 15fc6b351df956e22c99818a1baa1da6a391071c..fb447685bf00cedd2361fdc9bd669a2ede1e1c24 100644 (file)
--- a/config/initializers/rack-attack.rb
+++ b/config/initializers/rack-attack.rb
@@ -1,5 +1,9 @@
  class Rack::Attack
-  throttle('req/ip', limit: 300, period: 5.minutes) do |req|
-    req.ip
+  throttle('get-req/ip', limit: 300, period: 5.minutes) do |req|
+    req.ip if req.get?
+  end
+
+  throttle('post-req/ip', limit: 100, period: 5.minutes) do |req|
+    req.ip if req.post?
    end
  end
author	Eugen Rochko <eugen@zeonfederated.com>
	Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Sat, 24 Sep 2016 11:53:54 +0000 (13:53 +0200)