Migrating to Wafris from Rack::Attack

Michael Buckbee

18 Oct 2023

The limits of Rack::Attack

Rack::Attack is fantastic (seriously, we even wrote the Ultimate Guide to Rack::Attack), but by design it's:

  • A blank configuration file
  • A static set of rules that you need to redeploy to update
  • Not a tool for visualizing blocked/allowed traffic

The Block -> Apps -> Log -> Deploy -> Repeat cycle

Standard Rack::Attack usage is:

  1. Find an IP making bad requests in your logs
  2. Add a config rule to block that IP
  3. Deploy the new rule
  4. Find three more IPs making bad requests in your logs
  5. Go back to 2

It's a tedious process that relies on you coming up with security rules from scratch, and then, because it's config-based, it creates very brittle static rules that are almost immediately out of date.

While you can get creative with hacking in some dynamic rules, it's not a great experience and is not what Rack::Attack was designed for.

Similarly, if you're using Rack::Attack for rate-limiting, it's challenging to determine whether the limits you set are too high, too low, or even working at all. You can't tell from the logs, and the lack of feedback exposes your app to abuse.

Wafris picks up where Rack::Attack stops

Designed to shrink the feedback window between your logs, requests, and rules, Wafris gives you the following:

  1. A dashboard of what's happening right now in your web app.
  2. Easy dynamic rules you can set on the fly with no deploys.
  3. Curated rulesets to block common attacks and abuse.

Wafris vs Rack::Attack Feature Comparison

Wafris provides a dashboard that allows you to visualize the blocked traffic and the rules blocking it.

Rack::Attack Wafris
No deploy rule setting
Block traffic
Requires Redis for rate limiting
Visualize blocked traffic
Visualize blocked traffic by rule
Visualize blocked traffic by path
Preset Rulesets
- Block IPs
- Block IP Ranges (CIDR)
- Block User Agents
- Block Hosts
- Block Paths
- Block Parameters
- Block Methods

How to migrate from Rack::Attack to Wafris

If you have Rack::Attack already installed, it can work side by side with Wafris.

  1. Follow the GitHub guide on github.org/wafris/wafris-rb to add Wafris to your app.
  2. Include the Wafris gem above the Rack::Attack gem in your Gemfile.
    # Gemfile
    gem 'wafris'
    gem 'rack-attack'
    
  3. Requests to your app will be filtered by your Wafris rules first and then by your Rack::Attack rules.
  4. Add new rules to Wafris until you've migrated your rule set fully to Wafris.
  5. Confirm that the order is correct by running rake middleware and verifying that the Wafris::Middleware line shows up before the Rack::Attack line.
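The migration steps above depend on one property of Rack: middleware runs in the order it is mounted, and whichever layer responds first short-circuits everything behind it. The example below is added here and is not Wafris or Rack::Attack code; it builds a two-layer stack out of plain Rack-style `call(env)` objects with no gems required. The outer layer (`DynamicBlocklist`, a hypothetical name) keeps its IP and CIDR rules in a mutable in-memory store so they can change at runtime, standing in for the no-deploy rules the post contrasts with static config; the inner layer (`WindowedRateLimiter`, also hypothetical) is a fixed-window per-IP limiter that records every decision, which is the feedback the rate-limiting section says plain logs don't give you. The IP addresses are constructed documentation-range values.

```ruby
# Added example (not Wafris or Rack::Attack code): a minimal Rack-compatible
# middleware chain showing why mount order matters. Uses only the Rack calling
# convention (call(env) -> [status, headers, body]); no gems required.
require 'set'
require 'ipaddr'

# Outer layer: blocklist rules live in a mutable store, so they can be changed
# while the app is running instead of being baked into a config file.
class DynamicBlocklist
  attr_reader :ips, :cidrs

  def initialize(app)
    @app = app
    @ips = Set.new
    @cidrs = []
  end

  def block_ip(ip)
    @ips << ip
  end

  def block_cidr(cidr)
    @cidrs << IPAddr.new(cidr)
  end

  def blocked?(ip)
    @ips.include?(ip) || @cidrs.any? { |range| range.include?(IPAddr.new(ip)) }
  end

  def call(env)
    ip = env['REMOTE_ADDR']
    # Short-circuit: inner middleware and the app never see a blocked request.
    return [403, { 'content-type' => 'text/plain' }, ['Blocked']] if blocked?(ip)
    @app.call(env)
  end
end

# Inner layer: fixed-window per-IP rate limiter that records each decision so
# you can see whether a limit is firing, too tight, or never reached.
class WindowedRateLimiter
  attr_reader :decisions

  def initialize(app, limit:, period:, clock: -> { Time.now.to_i })
    @app, @limit, @period, @clock = app, limit, period, clock
    @counts = Hash.new(0)   # keyed by [ip, window_number]
    @decisions = []
  end

  def call(env)
    ip = env['REMOTE_ADDR']
    key = [ip, @clock.call / @period]
    @counts[key] += 1
    throttled = @counts[key] > @limit
    @decisions << { ip: ip, count: @counts[key], throttled: throttled }
    return [429, { 'content-type' => 'text/plain' }, ['Throttled']] if throttled
    @app.call(env)
  end
end

# The protected application: always answers 200.
APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['OK']] }

# Mount in the order the Gemfile implies: blocklist outermost, limiter next,
# then the app. Returns both layers so callers can adjust rules and inspect
# decisions. The fixed clock keeps every request in one window for the demo.
def build_stack(limit: 3, period: 60, clock: -> { 0 })
  limiter = WindowedRateLimiter.new(APP, limit: limit, period: period, clock: clock)
  blocklist = DynamicBlocklist.new(limiter)
  [blocklist, limiter]
end

# Send one GET through the stack and return only the status code.
def request(stack, ip, path = '/')
  status, _headers, _body = stack.call('REMOTE_ADDR' => ip,
                                       'PATH_INFO' => path,
                                       'REQUEST_METHOD' => 'GET')
  status
end

if __FILE__ == $PROGRAM_NAME
  stack, limiter = build_stack
  stack.block_cidr('203.0.113.0/24')              # constructed sample range
  puts request(stack, '203.0.113.7')              # 403, never reaches the limiter
  4.times { puts request(stack, '198.51.100.9') } # 200, 200, 200, 429
  puts limiter.decisions.length                   # 4: only allowed traffic was counted
  stack.block_ip('198.51.100.9')                  # rule added at runtime, no redeploy
  puts request(stack, '198.51.100.9')             # 403 from the outer layer now
end
```

Reversing the two constructors in `build_stack` changes the observed behaviour: a blocked IP would then still consume rate-limit budget and show up in `decisions` before being rejected, which is exactly the kind of ordering mistake that checking `rake middleware` is meant to catch.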

And that's it! You can choose to keep all of your rules in Rack::Attack or start moving them over to Wafris. It's up to you.
