Description
Mature apps face problems with abusive requests like misbehaving users, malicious hackers, and naive scrapers. Too often they drain developer productivity and happiness. Rack::Attack is middleware to easily throttle abusive requests. At Kickstarter, we built it to keep our site fast and reliable with little effort. Learn how Rack::Attack works through examples from kickstarter.com. Spend less time dealing with bad apples, and more time on the fun stuff.

Aaron Suggs is the Operations Engineer at Kickstarter, where he backs too many video game projects. He enjoys writing code that makes developers' lives easier, especially while wearing his grizzly bear coat.

Help us caption & translate this video! http://amara.org/v/FG0Q/
Summary
In the video titled 'Rack::Attack: Protect your app with this one weird gem!', Aaron Suggs, an Operations Engineer at Kickstarter, discusses how Rack::Attack, a Ruby middleware, can be utilized to handle abusive requests that often threaten the performance and reliability of web applications. This middleware helps developers focus on primary tasks by reducing the overhead created by malicious requests, naive scrapers, and other unwanted traffic.

**Key Points Discussed:**

- **Introduction to Rack::Attack**: Rack::Attack was developed at Kickstarter to block and throttle abusive requests, thereby improving overall site performance and availability.
- **Abusive Requests Defined**: Examples of abusive requests include login attempts from malicious actors, scrapers, and other forms of automated requests that can overload site resources.
- **Origin Story**: The necessity for Rack::Attack arose from a specific incident in 2012 when Kickstarter faced an attack aimed at cracking user accounts. This prompted the need for a robust solution to manage request loads.
- **Middleware Functionality**: Suggs explained how Rack middleware works by wrapping around applications, managing incoming requests and filtering them based on pre-defined rules using an elegant Domain Specific Language (DSL).
- **Throttling and Blocking Requests**: The presentation included practical examples demonstrating how to set up throttles for specific actions such as login attempts per IP address, and other custom configurations that can enhance security.
- **Integration with Existing Tools**: Rack::Attack complements other security measures such as hardware firewalls and CDN services, providing Ruby developers with a tailored and efficient way to optimize request handling.
- **Community and Open Source Contribution**: Suggs emphasized the importance of open source contributions from developers worldwide, highlighting how Rack::Attack has evolved through community support.

**Conclusions**: Rack::Attack serves as a key tool for maintaining web application performance amidst the inevitable challenges of the online environment. It allows developers to mitigate bad traffic efficiently, enabling them to concentrate on feature development and user satisfaction. This gem not only secures apps but also brings developer happiness by simplifying the complexity associated with abusive requests.
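
The middleware wrapping and per-IP login throttle described in the key points, as an added example in plain Ruby: this is not Rack::Attack's source or the speaker's code. The `LoginThrottle` class, the `/login` path, the limits and the sample addresses are assumptions constructed for illustration.

```ruby
# Added illustration: a minimal Rack-style throttle, NOT Rack::Attack's code.
# Class name, limits and the /login path are assumptions for this sketch.
class LoginThrottle
  def initialize(app, limit: 5, period: 60, clock: -> { Time.now.to_i })
    @app, @limit, @period, @clock = app, limit, period, clock
    @counts = Hash.new(0) # in-memory store; multiple processes need a shared cache
    @lock = Mutex.new
  end

  # Rack contract: take the env hash, return [status, headers, body].
  def call(env)
    return @app.call(env) unless login_attempt?(env)

    now = @clock.call
    window = now / @period                  # fixed window number
    key = [env["REMOTE_ADDR"], window]
    count = @lock.synchronize do
      @counts.delete_if { |(_, w), _| w < window } # drop expired windows
      @counts[key] += 1
    end
    return @app.call(env) if count <= @limit

    retry_after = @period - (now % @period) # seconds until the window rolls over
    [429, { "content-type" => "text/plain", "retry-after" => retry_after.to_s },
     ["Retry later\n"]]
  end

  private

  def login_attempt?(env)
    env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == "/login"
  end
end

# Constructed demo: a stub app and synthetic requests from two addresses.
def demo_statuses
  now = 1_000_020
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  stack = LoginThrottle.new(app, limit: 3, period: 60, clock: -> { now })
  req = ->(ip, verb = "POST", path = "/login") do
    stack.call("REQUEST_METHOD" => verb, "PATH_INFO" => path, "REMOTE_ADDR" => ip).first
  end
  burst = Array.new(5) { req.call("203.0.113.7") } # same IP, same window
  other = req.call("198.51.100.9")                 # a different IP is unaffected
  page  = req.call("203.0.113.7", "GET", "/")      # non-login traffic passes
  now += 60                                        # next window resets the count
  { burst: burst, other: other, page: page, after_reset: req.call("203.0.113.7") }
end
```

Keying on `REMOTE_ADDR` only identifies the client when the app is reached directly; behind a proxy or CDN the key has to come from the address that trusted hop reports.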