Rack :: Attack不会阻止IP地址列表

时间:2018-12-04 05:36:59

标签: ruby-on-rails ruby-on-rails-5.2 rackattack

我已经安装并配置了Rack :: Attack,但是列入黑名单的IP地址仍在不断访问我的网站。

在config / application.rb中:

require_relative 'boot'

require 'rails/all'

# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)

module MyApp
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 5.1
    config.middleware.use Rack::Attack


    ActionController::Base.config.relative_url_root = ''
  end
end

和初始化程序/rack_attack.rb 

class Rack::Attack

  Rack::Attack.blocklist_ip("46.229.168.154")
  Rack::Attack.blocklist_ip("23.101.169.3")

  RANGE = (IPAddr.new('54.36.0.0').to_i..IPAddr.new('54.38.255.255').to_i)
  Rack::Attack.blocklist('block_local_network')  do|req|
    RANGE.include?(IPAddr.new(req.ip).to_i)
  end


end

安装配置后,相同的ip_addresses仍在我的站点上。我很兴奋,因为我的访问量比往常增加了5倍,却发现这些垃圾桶有干草味。

1 个答案:

答案 0 :(得分:1)

检查您的安全列表,以查看您要阻止的IP地址是否存在范围或占位符。如果IP地址被安全列表覆盖,则即使该IP地址在阻止列表中也不会被阻止。顺便说一下,您的代码可以通过IP范围进行一些简化。另外,不需要IPAddr.new(req.ip).to_i,只需使用req.ip即可。

RANGE = IPAddr.new '54.36.0.0/14'
puts RANGE.to_range                  # 54.36.0.0..54.39.255.255
puts RANGE.include? '54.36.0.0'      # true
puts RANGE.include? '54.39.255.255'  # true
相关问题
最新问题