allow localhost to bypass the ratelimit (#2554)

2017-04-29 15:27:49 -07:00
parent 5135d609b7
commit 964035b118
1 changed files with 7 additions and 0 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -1,6 +1,13 @@
 # frozen_string_literal: true

 class Rack::Attack
+  # Always allow requests from localhost
+  # (blocklist & throttles are skipped)
+  Rack::Attack.safelist('allow from localhost') do |req|
+    # Requests are allowed if the return value is truthy
+    '127.0.0.1' == req.ip || '::1' == req.ip
+  end
+
  # Rate limits for the API
  throttle('api', limit: 300, period: 5.minutes) do |req|
    req.ip if req.path =~ /\A\/api\/v/