How can I see what `Rack::Protection` is doing with Sinatra server?












0















I have a Sinatra server in an AWS environment with a load balancer between the client and the server.



Unless I do something like:



disable: protection


it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.



I am expecting to see something like:



attack prevented by Rack::Protection::<Something>


I have:



enable: logging


and:



-e development


but can't get any feedback from Rack::Protection on why it is applying a rule.



I have tried this:



def self.log_rack_protection(namespace = nil, data = nil)

  puts "rack data: #{data.pretty_inspect}"

end

use Rack::Protection, instrumenter: log_rack_protection


but it doesn't seem to be called except on startup.



What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?






ruby sinatra rack







share|improve this question




















  • 2





    There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

    – 31piy
    Nov 27 '18 at 6:41








  • 1





    Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

    – Ross Attrill
    Nov 28 '18 at 2:58











  • Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

    – 31piy
    Nov 28 '18 at 3:15











  • Actually it seemed to be set :protection, :except => [:json_csrf]

    – Ross Attrill
    Nov 28 '18 at 4:56
















0















I have a Sinatra server in an AWS environment with a load balancer between the client and the server.



Unless I do something like:



disable: protection


it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.



I am expecting to see something like:



attack prevented by Rack::Protection::<Something>


I have:



enable: logging


and:



-e development


but can't get any feedback from Rack::Protection on why it is applying a rule.



I have tried this:



def self.log_rack_protection(namespace = nil, data = nil)

  puts "rack data: #{data.pretty_inspect}"

end

use Rack::Protection, instrumenter: log_rack_protection


but it doesn't seem to be called except on startup.



What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?






ruby sinatra rack







share|improve this question




















  • 2





    There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

    – 31piy
    Nov 27 '18 at 6:41








  • 1





    Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

    – Ross Attrill
    Nov 28 '18 at 2:58











  • Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

    – 31piy
    Nov 28 '18 at 3:15











  • Actually it seemed to be set :protection, :except => [:json_csrf]

    – Ross Attrill
    Nov 28 '18 at 4:56














0












0








0








I have a Sinatra server in an AWS environment with a load balancer between the client and the server.



Unless I do something like:



disable: protection


it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.



I am expecting to see something like:



attack prevented by Rack::Protection::<Something>


I have:



enable: logging


and:



-e development


but can't get any feedback from Rack::Protection on why it is applying a rule.



I have tried this:



def self.log_rack_protection(namespace = nil, data = nil)

  puts "rack data: #{data.pretty_inspect}"

end

use Rack::Protection, instrumenter: log_rack_protection


but it doesn't seem to be called except on startup.



What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?






ruby sinatra rack







share|improve this question
















I have a Sinatra server in an AWS environment with a load balancer between the client and the server.



Unless I do something like:



disable: protection


it gives 'Forbidden' on a redirect. I don't want to always disable protection, and I should narrow the amount of disabled protection, so I would like to know what protection is forbidding my redirect.



I am expecting to see something like:



attack prevented by Rack::Protection::<Something>


I have:



enable: logging


and:



-e development


but can't get any feedback from Rack::Protection on why it is applying a rule.



I have tried this:



def self.log_rack_protection(namespace = nil, data = nil)

  puts "rack data: #{data.pretty_inspect}"

end

use Rack::Protection, instrumenter: log_rack_protection


but it doesn't seem to be called except on startup.



What do I need to do to get more feedback from Rack::Protection on what module is doing the blocking? Alternatively, is there some configuration we should be applying to the load balancer to stop this protection?






ruby sinatra rack




ruby sinatra rack






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 28 '18 at 3:03







Ross Attrill

















asked Nov 27 '18 at 6:10









Ross AttrillRoss Attrill

1,50511520




1,50511520








  • 2





    There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

    – 31piy
    Nov 27 '18 at 6:41








  • 1





    Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

    – Ross Attrill
    Nov 28 '18 at 2:58











  • Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

    – 31piy
    Nov 28 '18 at 3:15











  • Actually it seemed to be set :protection, :except => [:json_csrf]

    – Ross Attrill
    Nov 28 '18 at 4:56














  • 2





    There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

    – 31piy
    Nov 27 '18 at 6:41








  • 1





    Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

    – Ross Attrill
    Nov 28 '18 at 2:58











  • Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

    – 31piy
    Nov 28 '18 at 3:15











  • Actually it seemed to be set :protection, :except => [:json_csrf]

    – Ross Attrill
    Nov 28 '18 at 4:56








2




2





There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

– 31piy
Nov 27 '18 at 6:41







There was a similar issue in sidekiq with its Sinatra based web UI. Please see if this thread helps you. Basically, just ensure that you're passing appropriate headers from the reverse proxy (load balancer) to the rack.

– 31piy
Nov 27 '18 at 6:41






1




1





Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

– Ross Attrill
Nov 28 '18 at 2:58





Thanks @31piy . Based on that reading and some experimentation disabling the 'remote_referrer' protection did the trick. In Sinatra: set :protection, :except => [:remote_referrer]

– Ross Attrill
Nov 28 '18 at 2:58













Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

– 31piy
Nov 28 '18 at 3:15





Its great that you found a way on your own to solve this problem. To help future readers facing similar problem, you should add an answer describing what did you do, and then accept it.

– 31piy
Nov 28 '18 at 3:15













Actually it seemed to be set :protection, :except => [:json_csrf]

– Ross Attrill
Nov 28 '18 at 4:56





Actually it seemed to be set :protection, :except => [:json_csrf]

– Ross Attrill
Nov 28 '18 at 4:56












1 Answer
1






active

oldest

votes


















0














While I did not work out how to get better logging, I did work out that doing this:



set :protection, :except => [:json_csrf]


stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.






share|improve this answer

























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53493717%2fhow-can-i-see-what-rackprotection-is-doing-with-sinatra-server%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    While I did not work out how to get better logging, I did work out that doing this:



    set :protection, :except => [:json_csrf]


    stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.






    share|improve this answer






























      0














      While I did not work out how to get better logging, I did work out that doing this:



      set :protection, :except => [:json_csrf]


      stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.






      share|improve this answer




























        0












        0








        0







        While I did not work out how to get better logging, I did work out that doing this:



        set :protection, :except => [:json_csrf]


        stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.






        share|improve this answer















        While I did not work out how to get better logging, I did work out that doing this:



        set :protection, :except => [:json_csrf]


        stopped the 'Forbidden' message on a client side redirect in the scenario described in the question.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 28 '18 at 5:03

























        answered Nov 28 '18 at 4:57









        Ross AttrillRoss Attrill

        1,50511520




        1,50511520
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53493717%2fhow-can-i-see-what-rackprotection-is-doing-with-sinatra-server%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Lallio

            Image
            Coordenadas: 45° 40' N 9° 38' E Lallio      Comuna    Lallio Localização de Lallio na Itália Coordenadas 45° 40' N 9° 38' E Região Lombardia Província Bérgamo Área - Total 2 km² Altitude 216 m População  - Total 3 826     • Densidade 1 913 hab./km² Outros dados Comunas limítrofes Bergamo, Dalmine, Stezzano, Treviolo Código ISTAT 016123 Código cadastral E422 Código postal 24040 Prefixo telefônico 035 Website www.comune.lallio.bg.it Lallio é uma comuna italiana da região da Lombardia, província de Bérgamo, com cerca de 3.826 habitantes. Estende-se por uma área de 2 km², tendo uma densidade populacional de 1913 hab/km². Faz fronteira com Bergamo, Dalmine, Stezzano, Treviolo. [ 1 ] [ 2 ] [ 3 ] Demografia | Variação demográfica do município entre 1861 e 2011 [ 3 ] Fonte : Istituto Nazionale di Statistica (ISTAT) - Elabor...
            Read more

            Futebolista

            Image
            Ronaldo primeiro jogador a ser eleito por três vezes o melhor jogador do mundo pela FIFA. Ronaldinho Gaúcho atuando pelo Barcelona onde foi duas vezes eleito o melhor jogador do mundo pela FIFA. Kaká atuando pelo Milan onde foi eleito em 2007 o melhor jogador do mundo pela FIFA. Lothar Matthäus primeiro jogador a ser eleito o melhor jogador do mundo pela FIFA em 1991 pela Inter de Milão. Neymar durante partida contra a Escócia, em 27 de março de 2011. Crianças praticando futebol. Robinho, futebolista brasileiro, em 15 de novembro de 2006. Atletas do Chelsea, da Inglaterra. A venda de camisas com nome e número dos jogadores é uma grande fonte de arrecadação. Jürgen Klinsmann atuou como jogador e foi treinador da Alemanha. Estádio de futebol, principal local onde laboram os jogadores. O jogador de futebol , ou Futebolista , é um atleta profissional de futebol, e cuja prática do desporto coletivo é fundamental. Estes trabalhadores sã...
            Read more

            Jornalista

            Image
            Uma repórter de televisão segurando um microfone na frente de um cinegrafista. Fotojornalistas no Campeonato Mundial de Atletismo 2013 Uma repórter entrevistando Boris Johnson, Prefeito de Londres. Jornalista é o profissional formado em Jornalismo. É a pessoa responsável pela apuração, investigação e apresentação de notícias, reportagens, entrevistas ou distribuição de notícias ou outra informação de interesse coletivo. O trabalho do jornalista é chamado jornalismo. Um jornalista pode trabalhar com questões gerais ou especializar-se em determinadas áreas. No entanto, a maioria dos jornalistas tendem a se especializar, e cooperando com outros jornalistas, produzir publicações que abrangem muitos tópicos. [ 1 ] Por exemplo, um jornalista esportivo cobre notícias dentro do mundo dos esportes, mas este jornalista pode ser uma parte de um jornal que cobre diversos temas. O exercício do Jornalismo é privativo de jornalista. Entre as áreas em que o jornalista trabalha estão o...
            Read more