Migrating to Wafris from Rack::Attack

Michael Buckbee

18 Oct 2023

The limits of Rack::Attack

Rack::Attack is fantastic (seriously, we even wrote the Ultimate Guide to Rack::Attack), but by design it's:

  • A blank configuration file
  • A static set of rules that you need to redeploy to update
  • Not a tool for visualizing blocked/allowed traffic

The Block -> Apps -> Log -> Deploy -> Repeat cycle

Standard Rack::Attack usage is:

  1. Find an IP making bad requests in your logs
  2. Add a config rule to block that IP
  3. Deploy the new rule
  4. Find three more IPs making bad requests in your logs
  5. Go back to 2

It's a tedious process that relies on you coming up with security rules from scratch, and then, because it's config-based, it creates very brittle static rules that are almost immediately out of date.

While you can get creative with hacking in some dynamic rules, it's not a great experience and is not what Rack::Attack was designed for.

Similarly, if you're using Rack::Attack for rate-limiting, it's challenging to determine if the limits you set are too high. Too low? Are they even working? You can't tell from the logs, and the lack of feedback exposes your app to abuse.

Wafris picks up where Rack::Attack stops

Designed to shrink the feedback window between your logs, requests, and rules, Wafris gives you the following:

  1. A dashboard of what's happening right now in your web app.
  2. Easy dynamic rules you can set on the fly with no deploys.
  3. Curated rulesets to block common attacks and abuse.

Wafris vs Rack::Attack Feature Comparison

Wafris provides a dashboard that allows you to visualize the blocked traffic and the rules blocking it.

Features compared (Rack::Attack vs Wafris):

  • No-deploy rule setting
  • Block traffic
  • Requires Redis for rate limiting
  • Visualize blocked traffic
  • Visualize blocked traffic by rule
  • Visualize blocked traffic by path
  • Preset rulesets:
    - Block IPs
    - Block IP ranges (CIDR)
    - Block user agents
    - Block hosts
    - Block paths
    - Block parameters
    - Block methods

How to migrate from Rack::Attack to Wafris

If you have Rack::Attack already installed, it can work side by side with Wafris.

  1. Follow the Github guide on github.org/wafris/wafris-rb to add Wafris to your app.
  2. Include the Wafris gem above the Rack::Attack gem in your Gemfile.
    # Gemfile
    gem 'wafris'
    gem 'rack-attack'
    
  3. Requests to your app will be filtered by your Wafris rules first and then by your Rack::Attack rules.
  4. Add new rules to Wafris until you've migrated your rule set fully to Wafris.
  5. Confirm that the order is correct by running rake middleware and verifying that the Wafris::Middleware line shows up before the Rack::Attack line.
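The order check in step 5 can be scripted so it fails a CI run instead of relying on eyeballing the output. The snippet below is an added example, not code from Wafris or Rack::Attack; it parses the text that `rake middleware` prints (constructed sample included) and reports whether Wafris::Middleware sits above Rack::Attack.

```ruby
# Added example (not from the Wafris project): verify that Wafris::Middleware
# precedes Rack::Attack in the stack printed by `rake middleware`.

# Parse `rake middleware` output into the ordered list of middleware names.
# Each middleware line looks like "use Rack::Attack"; the trailing
# "run MyApp::Application.routes" line is the app itself and is skipped.
def middleware_stack(rake_output)
  rake_output.each_line.filter_map do |line|
    m = line.strip.match(/\Ause\s+(\S+)/)
    m && m[1]
  end
end

# Returns :ok when Wafris::Middleware comes before Rack::Attack, otherwise a
# symbol naming the problem so a CI task can print a useful failure message.
def check_wafris_before_rack_attack(rake_output)
  stack = middleware_stack(rake_output)
  wafris = stack.index("Wafris::Middleware")
  attack = stack.index("Rack::Attack")
  return :wafris_missing if wafris.nil?
  return :rack_attack_missing if attack.nil?
  wafris < attack ? :ok : :wrong_order
end

# Constructed sample mirroring `rake middleware` output for a Rails app with
# both gems loaded and `gem 'wafris'` listed above `gem 'rack-attack'`.
SAMPLE_OUTPUT = <<~OUT
  use ActionDispatch::HostAuthorization
  use Wafris::Middleware
  use Rack::Attack
  use Rack::Sendfile
  run MyApp::Application.routes
OUT

if __FILE__ == $PROGRAM_NAME
  # In a real check, replace SAMPLE_OUTPUT with `rake middleware`.
  puts "Wafris before Rack::Attack: #{check_wafris_before_rack_attack(SAMPLE_OUTPUT)}"
end
```

In a CI task, feed it the real output with `check_wafris_before_rack_attack(`bundle exec rake middleware`)` and exit non-zero on anything other than :ok.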

And that's it! You can choose to keep all of your rules in Rack::Attack or start moving them over to Wafris. It's up to you.

Do this next

We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org