Skip to content

a-team/rack-protection

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits

lib

lib

 
 

spec

spec

 
 

.gitignore

.gitignore

 
 

Gemfile

Gemfile

 
 

License

License

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

rack-protection.gemspec

rack-protection.gemspec

 
 

Repository files navigation

You should use protection!

This gem protects against typical web attacks. Should work for all Rack apps, including Rails.

Usage

Use all protections you probably want to use:

# config.ru
require 'rack/protection'
use Rack::Protection
run MyApp

Skip a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection, :except => :path_traversal
run MyApp

Use a single protection middleware:

# config.ru
require 'rack/protection'
use Rack::Protection::AuthenticityToken
run MyApp

Prevented Attacks

Cross Site Request Forgery

Prevented by:

  • Rack::Protection::AuthenticityToken (not included by use Rack::Protection)
  • Rack::Protection::FormToken (not included by use Rack::Protection)
  • Rack::Protection::JsonCsrf
  • Rack::Protection::RemoteReferrer (not included by use Rack::Protection)
  • Rack::Protection::RemoteToken

Cross Site Scripting

Prevented by:

  • Rack::Protection::EscapedParams
  • Rack::Protection::XssHeader (Internet Explorer only)

Clickjacking

Prevented by:

  • Rack::Protection::FrameOptions

Directory Traversal

Prevented by:

  • Rack::Protection::PathTraversal

Session Hijacking

Prevented by:

  • Rack::Protection::SessionHijacking

IP Spoofing

Prevented by:

  • Rack::Protection::IPSpoofing

Installation

gem install rack-protection

About

You should use protection!

rkh.github.com/rack-protection/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published