One of the things I love about my job at Icelab is that I get to help build complex web applications that are used by thousands of people.
It’s an unfortunate truth of the internet, though, that high-profile sites used by lots of people often become the target of malicious activity, whether that be account enumeration attacks, brute-force login attempts, DDoS attacks, or worse. Aside from the obvious requirement to protect the potentially sensitive data your application deals with, it’s also important that the application is available to your users when they want to use it (rather than unavailable because it is being flooded with requests from a bot farm somewhere).
I recently discovered Rack::Attack, which is a handy middleware for protecting Rack-based apps from poorly-behaved clients. I’ve now implemented Rack::Attack in a couple of our apps and figured it was time to write a blog post detailing how.