ruby-on-rails – 如何使用Heroku阻止引荐垃圾邮件

选项1：机架攻击

https://github.com/kickstarter/rack-attack

如果你想采用机架攻击方式,在安装它之后,你可以使用如下所示的配置：

# config/initializers/rack-attack.rb

class Rack::Attack
  blacklist("block referer spam") do |request|
    spammers = [/co.lumb.co/,/darodar/]
    spammers.find { |spammer| request.referer =~ spammer }
  end
end

既然我们喜欢测试,那么在实现解决方案之前,首先要编写测试(使用RSpec请求规范)：

# spec/requests/referer_spam_block_spec.rb

require "rails_helper"

describe "Referer blacklist",type: :request do
  describe "referer spam" do
    it "is blocked" do
      spammers = ["http://co.lumb.co/","http://forum.topic56809347.darodar.com/"]

      spammers.each do |spammer|
        get root_path,{},{ "HTTP_REFERER" => spammer }

        expect(response).to be_forbidden
      end
    end
  end

  describe "regular referer" do
    it "is not blocked" do
      get root_path,{ "HTTP_REFERER" => "google.com" }

      expect(response).to be_ok
    end
  end

  describe "direct request" do
    it "is not blocked" do
      get root_path

      expect(response).to be_ok
    end
  end
end

选项2：自定义中间件

我还没有实现这个选项(我使用了机架攻击),但是这里有一个粗略的想法,看看Rack中间件是什么样子才能使它工作(注意：我没有测试过这个代码)：

# lib/referer_spam_blocker.rb

class RefererSpamBlocker
  SPAMMERS = [/co.lumb.co/,/darodar/]

  def initialize(app)
    @app = app
  end

  def call(env)
    if blacklisted?(env)
      forbidden
    else
      @app.call(env)
    end
  end

  private

  def blacklisted?(env)
    !SPAMMERS.find { |spammer| env["HTTP_REFERER"] =~ spammer }.empty?
  end

  def forbidden
    [403,{'Content-Type' => 'text/plain'},["Forbiddenn"]]
  end
end

然后你可以通过将它添加到config / application.rb来配置Rails来使用它

config.middleware.use RefererSpamBlocker

有关如何在此处编写Rack中间件的更多详细信息：
http://railscasts.com/episodes/151-rack-middleware

奖金

如果您希望能够在不更改代码的情况下更改阻止的内容,则可以使用ENV vars而不是对垃圾邮件发送者进行硬编码.