commit: 964035b1186a4dd66be0e0fb6cf56959e21c10e4
parent: 5135d609b774b177d3d3894b176a822d86b73d3c
Author: Tristan Mahé <gled@remote-shell.net>
Date: Sat, 29 Apr 2017 15:27:49 -0700
allow localhost to bypass the ratelimit (#2554)
Diffstat:
1 file changed, 7 insertions(+), 0 deletions(-)
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -1,6 +1,13 @@
# frozen_string_literal: true
class Rack::Attack
+ # Always allow requests from localhost
+ # (blocklist & throttles are skipped)
+ Rack::Attack.safelist('allow from localhost') do |req|
+ # Requests are allowed if the return value is truthy
+ '127.0.0.1' == req.ip || '::1' == req.ip
+ end
+
# Rate limits for the API
throttle('api', limit: 300, period: 5.minutes) do |req|
req.ip if req.path =~ /\A\/api\/v/
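Review bot: The safelist check `'127.0.0.1' == req.ip || '::1' == req.ip` trusts `req.ip`, which Rack derives from REMOTE_ADDR and, when that address is a trusted proxy, from X-Forwarded-For. If the app runs behind a reverse proxy on the same host that does not set or overwrite X-Forwarded-For, every proxied request would presumably resolve to a loopback address and skip the throttles and blocklists alike. The deployment is not visible in this hunk, so this is a condition to confirm rather than a certain defect. I would record the assumption next to the check, e.g. `# Relies on the fronting proxy always setting X-Forwarded-For; otherwise all proxied traffic is safelisted`, and cover it with a request spec that sends a forged header. The `class Rack::Attack` body continues past the end of the hunk.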