
Rate limiting in Ruby on Rails - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior (intermediate)
What happens when a user exceeds the rate limit in Rails with Rack::Attack?
Consider a Rails app using Rack::Attack to limit requests to 5 per minute per IP. What is the typical response when a user exceeds this limit?
class Rack::Attack
  throttle('req/ip', limit: 5, period: 1.minute) do |req|
    req.ip
  end
end
A. The server responds with HTTP status 500 Internal Server Error.
B. The server queues the request and processes it later.
C. The server responds with HTTP status 429 Too Many Requests.
D. The server ignores the limit and processes the request normally.
💡 Hint
Think about the standard HTTP status code for too many requests.
📝 Syntax (intermediate)
Identify the correct syntax to throttle requests by user ID in Rack::Attack
Which of the following code snippets correctly throttles requests to 10 per minute per user ID in a Rails app using Rack::Attack?
A. throttle('req/user', limit: 10, period: 1.minute) { |req| req.session[:user_id] }
B. throttle('req/user', limit: 10, period: 1.minute) { |req| req.user_id }
C. throttle('req/user', limit: 10, period: 1.minute) { |req| req.user.id }
D. throttle('req/user', limit: 10, period: 1.minute) { |req| req.params[:user_id] }
💡 Hint
Remember that Rack::Attack works on the Rack request object, which has params but not user methods.
🔧 Debug (advanced)
Why does this Rack::Attack throttle not work as expected?
Given this code snippet, users are not being throttled correctly. What is the most likely cause?
class Rack::Attack
  throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
    if req.path == '/login' && req.post?
      req.ip
    end
  end
end
A. The condition returns nil for non-login requests, causing Rack::Attack to count them incorrectly.
B. The throttle block should always return a string, but req.ip returns an integer.
C. The throttle period is too short to trigger throttling.
D. The throttle name 'logins/ip' is invalid and causes the throttle to be ignored.
💡 Hint
Think about what happens when the block returns nil for some requests.
🧠 Conceptual (advanced)
What is the main benefit of using Redis with Rack::Attack for rate limiting?
Why do many Rails apps use Redis as the cache store for Rack::Attack when implementing rate limiting?
A. Redis automatically blocks IPs without any configuration.
B. Redis provides fast, centralized storage to track request counts across multiple app servers.
C. Redis encrypts all request data for security.
D. Redis replaces the need for Rack::Attack middleware.
💡 Hint
Think about how multiple servers share state for rate limiting.
State output (expert)
What is the value of the counter after 3 requests from the same IP in 1 minute with this Rack::Attack throttle?
Given this throttle configuration, what is the value stored in the cache for the key 'rack::attack:throttle:logins/ip:1.2.3.4' after 3 POST requests to '/login' from IP '1.2.3.4' within 1 minute?
class Rack::Attack
  throttle('logins/ip', limit: 5, period: 60.seconds) do |req|
    req.ip if req.path == '/login' && req.post?
  end
end
A. 3
B. 5
C. 0
D. nil
💡 Hint
Each matching request increments the counter by 1.