3835ec3ea8
This reaction does not halt the request, but leaves it up to the app to react on this information. This allows e.g. frameworks to ignore failures in certain conditions. |
||
|---|---|---|
| .. | ||
| lib | ||
| spec | ||
| .gitignore | ||
| .travis.yml | ||
| Gemfile | ||
| License | ||
| README.md | ||
| Rakefile | ||
| rack-protection.gemspec | ||
README.md
You should use protection!
This gem protects against typical web attacks. Should work for all Rack apps, including Rails.
Usage
Use all protections you probably want to use:
# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp
Skip a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp
Use a single protection middleware:
# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp
Prevented Attacks
Cross Site Request Forgery
Prevented by:
Rack::Protection::AuthenticityToken(not included byuse Rack::Protection)Rack::Protection::FormToken(not included byuse Rack::Protection)Rack::Protection::JsonCsrfRack::Protection::RemoteReferrer(not included byuse Rack::Protection)Rack::Protection::RemoteTokenRack::Protection::HttpOrigin
Cross Site Scripting
Prevented by:
Rack::Protection::EscapedParams(not included byuse Rack::Protection)Rack::Protection::XSSHeader(Internet Explorer only)
Clickjacking
Prevented by:
Rack::Protection::FrameOptions
Directory Traversal
Prevented by:
Rack::Protection::PathTraversal
Session Hijacking
Prevented by:
Rack::Protection::SessionHijacking
IP Spoofing
Prevented by:
Rack::Protection::IPSpoofing
Installation
gem install rack-protection