我rack-throttle
在我的 rails 3 应用程序中用作限速引擎。Rack::Throttle::Interval
我已经根据定义自定义速率限制逻辑创建了自己的类。我正在检查请求是否针对确切的控制器和确切的操作。如果我提出GET
要求,这可以正常工作。但是,如果我发送POST
请求,我会遇到一些问题。
class CustomLimiter < Rack::Throttle::Interval
def allowed?(request)
path_info = Rails.application.routes.recognize_path request.url rescue path_info = {}
if path_info[:controller] == "some_controller" and path_info[:action] == "some_action"
super
else
true
end
end
end
这是我的控制器操作
def question
#user is redirected here
end
def check_answer
#some logic to check answer
redirect_to question_path
end
我的路线
get "questions" => "application#question", :as => "question"
post "check_answer" => "application#check_answer", :as => "check_answer"
编辑:
问题是POST
请求即将到达应用程序,因此allowed?
调用了该方法。但是当我打电话时,Rails.application.routes.recognize_path
我得到了一个Route set not finalized
例外。我如何防止用户在确切控制器的确切操作的帮助下发送大量发布请求rack-throttle
添加中间件application.rb
class Application < Rails::Application
#Set up rate limiting
config.require "ip_limiter"
config.require "ip_user_agent_limiter"
config.middleware.use IpLimiter, :min => 0.2
config.middleware.use IpUserAgentLimiter, :min => 2
end
两者IpLimiter
都IpUserAgentLimiter
来自自定义限制器