feat: Route remaining proxies through handle_store_error and document

mpenalozag · mpenalozag · commit 5b08553b0a81 · 2026-04-21T11:27:31.000-04:00
Applies handle_store_error in RedisStoreProxy, RedisCacheStoreProxy and
MemCacheStoreProxy so their calls participate in the shared bypass
mechanism. Adds cross-proxy specs pinning each subclass default and
documents bypassable_store_errors in the README.
diff --git a/README.md b/README.md
@@ -315,6 +315,35 @@ Most applications should use a new, separate database used only for `rack-attack
 
 Note that `Rack::Attack.cache` is only used for throttling, allow2ban and fail2ban filtering; not blocklisting and safelisting. Your cache store must implement `increment` and `write` like [ActiveSupport::Cache::Store](http://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html). This means that other cache stores which inherit from ActiveSupport::Cache::Store are also compatible. In-memory stores which are not backed by an external database, such as `ActiveSupport::Cache::MemoryStore.new`, will be mostly ineffective because each Ruby process in your deployment will have it's own state, effectively multiplying the number of requests each client can make by the number of Ruby processes you have deployed.
 
+#### Bypassing store errors
+
+By default, some store proxies will swallow the errors they historically rescued (`Redis::BaseConnectionError` for `Redis`, `Dalli::DalliError` for `Dalli`). When one of those errors is raised inside the proxy, the request goes through as if no throttling were applied, which keeps your app available if the dedicated rack-attack store goes down.
+
+You can customize this behavior through `Rack::Attack.cache.bypassable_store_errors`:
+
+```ruby
+# Use the proxy's built-in defaults (this is the default)
+Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: "...")
+
+# Bypass ALL errors raised by the store — requests continue serving even if the
+# store misbehaves in unexpected ways (e.g. Redis OOM, timeouts, protocol errors).
+Rack::Attack.cache.bypassable_store_errors = :all
+
+# Bypass NO errors — any error from the store will propagate. This disables the
+# proxy's historical default rescue behavior as well.
+Rack::Attack.cache.bypassable_store_errors = :none
+
+# Bypass a specific list of error classes (or class-name Strings). This REPLACES
+# the proxy's built-in defaults - include any you still want to rescue.
+Rack::Attack.cache.bypassable_store_errors = [
+  Redis::BaseConnectionError,
+  Redis::TimeoutError,
+  "Redis::CommandError"
+]
+```
+
+`bypassable_store_errors` can be set before or after assigning `cache.store`; the store is re-wrapped automatically.
+
 ## Customizing responses
 
 Customize the response of blocklisted and throttled requests using an object that adheres to the [Rack app interface](http://www.rubydoc.info/github/rack/rack/file/SPEC.rdoc).
diff --git a/lib/rack/attack/store_proxy/mem_cache_store_proxy.rb b/lib/rack/attack/store_proxy/mem_cache_store_proxy.rb
@@ -13,11 +13,11 @@ def self.handle?(store)
         end
 
         def read(name, options = {})
-          super(name, options.merge!(raw: true))
+          handle_store_error { super(name, options.merge!(raw: true)) }
         end
 
         def write(name, value, options = {})
-          super(name, value, options.merge!(raw: true))
+          handle_store_error { super(name, value, options.merge!(raw: true)) }
         end
       end
     end
diff --git a/lib/rack/attack/store_proxy/redis_cache_store_proxy.rb b/lib/rack/attack/store_proxy/redis_cache_store_proxy.rb
@@ -17,25 +17,25 @@ def increment(name, amount = 1, **options)
             # So in order to workaround this we use RedisCacheStore#write (which sets expiration) to initialize
             # the counter. After that we continue using the original RedisCacheStore#increment.
             if options[:expires_in] && !read(name)
-              write(name, amount, options)
+              handle_store_error { write(name, amount, options) }
 
               amount
             else
-              super
+              handle_store_error { super }
             end
           end
         end
 
         def read(name, options = {})
-          super(name, options.merge!(raw: true))
+          handle_store_error { super(name, options.merge!(raw: true)) }
         end
 
         def write(name, value, options = {})
-          super(name, value, options.merge!(raw: true))
+          handle_store_error { super(name, value, options.merge!(raw: true)) }
         end
 
         def delete_matched(matcher, options = nil)
-          super(matcher.source, options)
+          handle_store_error { super(matcher.source, options) }
         end
       end
     end
diff --git a/lib/rack/attack/store_proxy/redis_store_proxy.rb b/lib/rack/attack/store_proxy/redis_store_proxy.rb
@@ -11,14 +11,14 @@ def self.handle?(store)
         end
 
         def read(key)
-          rescuing { get(key, raw: true) }
+          handle_store_error { get(key, raw: true) }
         end
 
         def write(key, value, options = {})
           if (expires_in = options[:expires_in])
-            rescuing { setex(key, expires_in, value, raw: true) }
+            handle_store_error { setex(key, expires_in, value, raw: true) }
           else
-            rescuing { set(key, value, raw: true) }
+            handle_store_error { set(key, value, raw: true) }
           end
         end
       end
diff --git a/spec/rack_attack_store_proxy_defaults_spec.rb b/spec/rack_attack_store_proxy_defaults_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+
+describe "Store proxy defaults (String-based)" do
+  it "RedisStoreProxy inherits Redis default bypass list from RedisProxy" do
+    skip 'redis gem not available' unless defined?(::Redis)
+    _(Rack::Attack::StoreProxy::RedisStoreProxy.default_bypassable_store_errors)
+      .must_equal ['Redis::BaseConnectionError']
+  end
+
+  it "RedisCacheStoreProxy has no default bypass list (preserves upstream behavior)" do
+    _(Rack::Attack::StoreProxy::RedisCacheStoreProxy.default_bypassable_store_errors).must_equal []
+  end
+
+  it "MemCacheStoreProxy has no default bypass list (preserves upstream behavior)" do
+    _(Rack::Attack::StoreProxy::MemCacheStoreProxy.default_bypassable_store_errors).must_equal []
+  end
+
+  it "BaseProxy base default is an empty Array" do
+    _(Rack::Attack::BaseProxy.default_bypassable_store_errors).must_equal []
+  end
+
+  it "default list entries are Strings so missing gems don't break loading" do
+    [
+      Rack::Attack::StoreProxy::DalliProxy,
+      Rack::Attack::StoreProxy::RedisProxy
+    ].each do |proxy_class|
+      defaults = proxy_class.default_bypassable_store_errors
+      _(defaults.all? { |e| e.is_a?(String) }).must_equal(
+        true,
+        "#{proxy_class}: expected all defaults to be Strings, got #{defaults.inspect}"
+      )
+    end
+  end
+end
