rack-attack configure text on blacklist page

Question

Im using rack-attack to block an ip.

# Block requests from 1.2.3.4
Rack::Attack.blocklist('block 1.2.3.4') do |req|
# Requests are blocked if the return value is truthy
'1.2.3.4' == req.ip
end

The IP gets successfully blocked. The person can view a white page with the word "forbidden" on the upper-left corner. Is there any way to change the string "forbidden" ?

EDIT :

Tried using this. All my other error pages are also configured similarly. https://mattbrictson.com/dynamic-rails-error-pages But it doesn't seen to work on the rack attack 403 forbidden page.

Answer 1

To customize the response of blocklisted and throttled requests, use an object that adheres to the Rack app interface.

Rack::Attack.blocklisted_response = lambda do |env|
  # Using 503 because it may make the attacker think that he had successfully
  # DOSed the site. Rack::Attack returns 403 for blocklists by default
  [ 503, {}, ['Your custom string here']]
end

see the relevant documentation

Answer 2

Overwrite blocklisted_response.

@Tony Vincent is correct. I thought I would just elaborate a little further.

You just need to overwrite the default value for blocklisted_response.

You can see the default value here:

@blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] }

So in your rack_attack.rb initializer, you can do the following:

Rack::Attack.blocklisted_response = lambda{ |_env| [ 403, { "Content-Type" => "text/plain" }, [ "You have been blocked from the system. If you think this has been done in error, please contact Support at [email protected]. Thank you." ] ] }

Answer 3

Overwrite blocklisted_response

You can display HTML pages also

So in your rack_attack.rb initializer, you can do the following:

Rack::Attack.blocklisted_response = lambda{ |_env| [ 403, { "Content-Type" => "text/html" }, [ "<!DOCTYPE html>
<html>
<head>
  <title>The page you were looking for doesn't exist (404)</title>
  <meta name='viewport' content='width=device-width,initial-scale=1'>
</head>

<body class='rails-default-error-page'>
  <!-- This file lives in public/404.html -->
  <div class='dialog'>
    <div>
      <h1>The page you were looking for doesn't exist.</h1>
      <p>You may have mistyped the address or the page may have moved.</p>
    </div>
    <p>If you are the application owner check the logs for more information.</p>
  </div>
</body>
</html>
" ] ] }