# rack-attack: IP/domain blocklists and request-rate throttling,
# configured in config/initializers/rack_attack.rb
gem 'rack-attack'
# rack-cors: CORS handling; its configuration is not shown on this page
gem 'rack-cors'
1. rack-attack 可以根据 IP、域名等设置黑名单，并限制访问频率
- 设置黑名单
# 新增 config/initializers/rack_attack.rb
# 如果请求的 Referer 与 allowed_origins 中配置的任一正则都不匹配，则返回 403 Forbidden
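# Block requests to the admin API whose Referer matches none of the
# origin patterns stored in credentials. Skipped for non-admin paths and
# in the test environment.
#
# NOTE(review): Referer is client-supplied and may be absent or forged,
# so treat this as defence in depth, not as an authentication control.
# Each credential entry is compiled as a regex and matched anywhere in
# the Referer string; an unanchored pattern such as `example\.com` also
# matches any Referer that merely contains that substring. Prefer
# anchored patterns (e.g. `\Ahttps://example\.com/`) in credentials —
# confirm the stored format before tightening the match here.
Rack::Attack.blocklist('block bad domains') do |req|
  next if !req.path.start_with?('/admin_api/') || Rails.env.test?

  # Array() tolerates a missing or scalar credential (nil -> []), failing
  # closed instead of raising NoMethodError on every admin request.
  allowed_patterns = Array(Rails.application.credentials.allowed_origins)

  # match? avoids MatchData allocation and returns false for a nil
  # Referer, so a request without a Referer is blocked (same as before).
  allowed_patterns.none? { |pattern| Regexp.new(pattern).match?(req.referer) }
end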
# EDITOR="vim" bin/rails credentials:edit
allowed_origins