Add IP safelist for Rack Attack

Description

We'd like to be able to safelist certain IP addresses so they are not blocked by Rack Attack. The safelist should be in the config file.

To test, add someone's IP to the safelist and then have them make a number of requests that would ordinarily get them blocked from accessing the Archive. They should not be blocked from accessing the site.
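One way to implement the config-driven safelist check described above, as an added example (not the Archive's own code). The config key `RATE_LIMIT_SAFELIST`, the helper names `load_safelist` and `safelisted?`, and the sample addresses are all assumptions made for illustration.

```ruby
require "ipaddr"
require "yaml"

# Constructed sample config. The key name RATE_LIMIT_SAFELIST is hypothetical.
SAMPLE_CONFIG = <<~YAML
  RATE_LIMIT_SAFELIST:
    - "203.0.113.7"
    - "198.51.100.0/24"
    - "2001:db8::/32"
    - "not-an-ip"
YAML

# Parse the configured entries (single addresses or CIDR ranges) into IPAddr
# objects. A malformed entry is skipped with a warning, never matched loosely.
def load_safelist(yaml_text, key = "RATE_LIMIT_SAFELIST")
  config = YAML.safe_load(yaml_text) || {}
  entries = config.fetch(key, []) || []
  entries.filter_map do |entry|
    IPAddr.new(entry.to_s.strip)
  rescue IPAddr::Error
    warn "safelist: ignoring invalid entry #{entry.inspect}"
    nil
  end
end

# True only when the client address parses and falls inside a configured entry.
# An unparseable client address is treated as not safelisted (fail closed).
def safelisted?(safelist, client_ip)
  addr = IPAddr.new(client_ip.to_s)
  safelist.any? { |net| net.include?(addr) }
rescue IPAddr::Error
  false
end

# Register with Rack::Attack only when the gem is loaded, so this file also
# runs without it. req.ip comes from Rack's forwarded-header handling, so the
# safelist is only as trustworthy as the proxy chain that sets those headers.
if defined?(Rack::Attack)
  SAFELIST = load_safelist(SAMPLE_CONFIG)
  Rack::Attack.safelist("safelist from config") do |req|
    safelisted?(SAFELIST, req.ip)
  end
end
```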

Activity

Sarken
June 15, 2020, 2:26 AM

Before my IP was added to the safe list, I tried

for i in {301..600}; do curl -u staging_login:staging_password -k -I https://test.archiveofourown.org/works/$i ; echo $i ; done

and eventually got a 429 response, meaning I was rate limited as expected.

After it was added to the safe list a day or so later, I tried the same command. I did not get rate limited.

Looks good!

Tag Wrangler Chairs
June 15, 2020, 7:00 AM

Ran the curl command while not whitelisted. Got the too many requests error:

HTTP/1.1 429 Too Many Requests
Server: nginx/1.17.4
Date: Mon, 15 Jun 2020 06:52:47 GMT
Content-Type: text/plain
Connection: close
Retry-After: 300
X-Rack-Dev-Mark-Env: staging
X-Request-Id: c3abc858-47ba-4db5-8dfa-434b965314d7
X-Runtime: 0.002842
X-Proxy-Cache: MISS
X-Hostname: test-front11
X-Proxy-Cache: MISS
X-Hostname: test-front11
Cache-Control: public, s-maxage=10

Tag Wrangler Chairs
June 15, 2020, 11:33 AM

Qem: Victoly!

Successfully ran script all the way.

Assignee

james_

Reporter

Sarken

Roadmap

Misc

Priority

High

Affects versions

Fix versions

Components

BackEnd

Difficulty

Medium

Milestone

Internal 0.9