Reputation: 2702
I have a Sinatra server in an AWS environment with a load balancer between the client and the server.
Unless I do something like:
disable :protection
it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.
I am expecting to see something like:
attack prevented by Rack::Protection::<Something>
I have:
enable :logging
and:
-e development
but can't get any feedback from Rack::Protection on why it is applying a rule.
I have tried this:
def self.log_rack_protection(namespace = nil, data = nil)
puts "rack data: #{data.pretty_inspect}"
end
use Rack::Protection, instrumenter: log_rack_protection
but it doesn't seem to be called except on startup.
What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?
Upvotes: 1
Views: 434
Reputation: 2702
While I did not work out how to get better logging, I did work out that doing this:
set :protection, :except => [:json_csrf]
stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.
Upvotes: 2
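Added example (not from the question or the answer, and not rack-protection's own code): a reporter object that is handed to rack-protection as both its :logger and :instrumenter, so the 403 in the question gets attributed to a named module before deciding whether :json_csrf really has to be excluded. It assumes rack-protection's Base#warn passes "attack prevented by <class>" to the :logger when :logging is on (the default), and that Base#instrument sets env['rack.protection.attack'] to the module name before calling instrumenter.instrument('rack.protection', env); ProtectionReporter and the sample env are constructed for this page.

```ruby
require 'logger'
require 'stringio'

# ProtectionReporter (hypothetical name) serves as both :logger and
# :instrumenter for rack-protection, assuming:
#   * Base#warn calls logger.warn("attack prevented by Rack::Protection::X")
#     for modules such as JsonCsrf that do not use the instrumenter, and
#   * Base#instrument sets env['rack.protection.attack'] and then calls
#     instrumenter.instrument('rack.protection', env).
# Wiring both paths gives the blocking module's name in every case.
class ProtectionReporter
  attr_reader :events

  def initialize(out = $stderr)
    @logger = Logger.new(out)
    @events = [] # retained so the cause of a 403 can be inspected afterwards
  end

  # Called by Base#warn; the message already names the blocking class.
  def warn(message)
    record(message)
  end

  # Called by Base#instrument with name 'rack.protection' and the Rack env.
  def instrument(name, env)
    record(format_event(name, env))
  end

  # One log line per blocked request. JsonCsrf compares the Referer host with
  # the request Host, so both are logged: behind a load balancer they can
  # legitimately differ, which is what this line is meant to make visible.
  def format_event(name, env)
    "#{name}: #{env['rack.protection.attack']} blocked " \
      "#{env['REQUEST_METHOD']} #{env['PATH_INFO']} " \
      "(Host=#{env['HTTP_HOST'].inspect} Referer=#{env['HTTP_REFERER'].inspect} " \
      "Origin=#{env['HTTP_ORIGIN'].inspect})"
  end

  private

  def record(message)
    @events << message
    @logger.warn(message)
  end
end

# In Sinatra the reporter goes through the :protection setting, which Sinatra
# passes to Rack::Protection as its options hash (assumed behaviour):
#   reporter = ProtectionReporter.new
#   set :protection, logger: reporter, instrumenter: reporter
if $PROGRAM_NAME == __FILE__
  # Constructed env standing in for a request a module has just rejected.
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/api/redirect',
          'HTTP_HOST' => 'app.example.internal',
          'HTTP_REFERER' => 'https://app.example.com/',
          'rack.protection.attack' => 'jsoncsrf' }
  ProtectionReporter.new.instrument('rack.protection', env)
end
```

Once a line names the module, narrowing the exclusion (or adjusting what the load balancer forwards in Host) is a decision made on evidence rather than on a bare 'Forbidden'.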