kaplanlior / midburn-queue

midburn.org tickets queue system
https://midburn.org
MIT License
2 stars 5 forks

DDoS prevention with rack-attack #13

Open eladg opened 8 years ago

eladg commented 8 years ago

Set up and configure - Rack attack middleware for Sinatra. We would like to prevent users from submitting more than 1-2 requests per second.

Great info at: https://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients.

danielkop commented 8 years ago

Keep in mind that a lot of users might be coming from the same IP, such as Triple C customers behind their Carrier grade NAT: http://www.news1.co.il/Archive/0020-D-348341-00.html

Limiting 1-2 requests per second from a specific IP might end up punishing users for being behind a NAT.

eladg commented 8 years ago

Thanks, yes, that's true and needs to be thought through and discussed. This task should be limited to including rack-attack on the app without configuring any limits.
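The trade-off raised in this thread, as an added example that is not part of the issue or of the midburn-queue code: a plain-Ruby fixed-window counter (a stand-in written for this example, not the rack-attack gem) applies the proposed limit of 2 requests per second to constructed traffic, keyed first by source IP alone and then by IP plus a per-user token. The addresses, the token names and the assumption that the app issues each user a server-side token are all hypothetical.

```ruby
# Fixed-window throttle: at most `limit` requests per `period` seconds per key.
class WindowThrottle
  def initialize(limit:, period:)
    @limit = limit
    @period = period
    @counts = Hash.new(0)
  end

  # Returns true when the request is allowed, false when it is throttled.
  def allow?(key, now)
    window = (now / @period).floor
    @counts[[key, window]] += 1
    @counts[[key, window]] <= @limit
  end
end

# Constructed sample traffic: [time_in_seconds, source_ip, user_token].
# 203.0.113.7 stands in for a carrier-grade NAT address shared by three users;
# 198.51.100.9 is a single client sending a burst.
REQUESTS = [
  [0.0, '203.0.113.7',  'user-a'],
  [0.2, '203.0.113.7',  'user-b'],
  [0.4, '203.0.113.7',  'user-c'],
  [0.1, '198.51.100.9', 'user-x'],
  [0.3, '198.51.100.9', 'user-x'],
  [0.5, '198.51.100.9', 'user-x'],
  [0.7, '198.51.100.9', 'user-x']
].sort_by(&:first)

# Replays the traffic through one throttle and returns the tokens of the
# requests that were rejected. `key_for` picks the throttle key per request.
def blocked_tokens(requests, limit:, period:, &key_for)
  throttle = WindowThrottle.new(limit: limit, period: period)
  rejected = requests.reject { |t, ip, token| throttle.allow?(key_for.call(ip, token), t) }
  rejected.map { |_, _, token| token }
end

# Keyed by IP only: the third NAT user is throttled along with the burst.
BY_IP = blocked_tokens(REQUESTS, limit: 2, period: 1) { |ip, _| ip }

# Keyed by IP plus token (assumed to be issued by the server, for example a
# session identifier): NAT users pass, the single-client burst is still cut.
BY_IP_AND_TOKEN = blocked_tokens(REQUESTS, limit: 2, period: 1) { |ip, token| "#{ip}:#{token}" }

puts "blocked when keyed by IP:       #{BY_IP.inspect}"
puts "blocked when keyed by IP+token: #{BY_IP_AND_TOKEN.inspect}"
```

The second key only helps if the token is something the server hands out and validates; a value the client can choose freely is not a usable throttle key on its own.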