How to Minimise DDoS Attacks in Rails

A Distributed Denial of Service (DDoS) attack is when a large number of compromised computer systems, often referred to as a botnet, are used to flood a targeted website or server with traffic to disrupt its normal operation. The goal of a DDoS attack is to make a website or server unavailable to its intended users by overwhelming it with traffic from multiple sources.

DDoS attacks are a pain for almost every growing application. DDoS attacks are not usually targeted. Random attacks can be just as damaging as targeted ones. You never know how long an attack may last or when it will reoccur. Malicious actors can use a simple script to attack a domain or IP address “for fun”.

While you can’t escape them, you can take steps to reduce the impact a DDoS attack will have on your Ruby on Rails application.

In more complex situations, an attacker can change the vector of attack e.g. if you are blocking by country or IP; the attacker could change their approach within seconds and start the attack again from a new country or IP address.

We’ve always built apps for our clients with protection built in from the start. Ruby on Rails makes reducing the impact of a DDoS attack easy.

Rack Attack 🚫

Rack attack is a “Rack middleware for blocking & throttling abusive requests”. Rack attack sits between your incoming requests and your Rails application.

You can configure Rack attack to suit your application’s needs. It uses a series of rules to analyse each request to see if something unexpected is happening.

Rack attack is handy on managed services like Heroku and Render, where you don’t have access to system tools or similar server-level tools. These services often have their own DDoS protection, but they are not always configurable.

DNS Protection 🛡️

Some attacks are more complex or too large for systems like Rack attack. DNS providers like Cloudflare offer a more comprehensive level of protection.

A DNS provider’s global network of data centres can absorb the traffic generated by a DDoS attack, preventing it from reaching the targeted website or server. They can also learn from other’s experiences and share that knowledge across their network.

DNS providers often use more complex machine learning algorithms to detect and mitigate DDoS attacks in real-time. When an attack is detected, automatically applying additional security measures to protect the targeted website or server.

Benefits of Combining the Two ⚔️

There are sometimes additional benefits to combining the two approaches.

Cloudflare, for example, allows you to add a country code to the requests it parses. Using Rack attack you can filter traffic based upon these country codes.

Thereby allowing you to prevent access to your Ruby on Rails application from specific countries. This can be handy when dealing with sanctions or compliance issues in various territories.