Ruby Weekly is a weekly newsletter covering the latest Ruby and Rails news.

21 Rack Middlewares To Turbocharge Your Ruby Webapps

By Peter Cooper / October 14, 2009

rack-logo.pngIf you've worked with Web apps using Ruby, you might know of Rack, an interface that sits between Ruby applications and HTTP-speaking Web servers. All of the major Ruby frameworks and server setups use it now, including Rails. Middleware (in Rack) is code that manipulates data going back and forth between your Ruby apps and the HTTP server. You can use middleware to intercept requests, change data in mid-flow, etc. Ryan Bates has a great screencast tutorial if you're new to the concept and want to build your own.

P.S. I know the term "middlewares" sounds borderline insane, but.. it works, you know what it means - yada, yada ;-)

In this post, we're going to highlight various Rack middlewares from CodeRack, an on-going Rack middleware competition:

Karma Chameleon - Focused at Rails developers, Karma Chameleon makes it easy to automatically have file extensions added to all of your app's links and URLs. The humorous motivation for this is so that you can have all your pages use ".aspx" or ".php" extensions to look better in corporate environments. Joking aside, though, this is a cute, well written middleware that's worth looking at.

Rack::Rewrite - This middleware is a clever attempt at implementing some of Apache's mod_rewrite functionality in Rack. So far it has support for doing basic rewrites (where URLs are changed mid-request before they hit the backend) and HTTP 301 and 302 redirects.

Canonical Host - This middleware lets you specify a "canonical hostname" for your application so that any requests to other hostnames are redirected to the same URL on the canonical hostname.

Rack::Tidy - Rack::Tidy cleans up HTML markup by automatically indenting and reformatting content. If you want the output from your Web apps to look clean (especially if you used ERb!), this is worth a try, although it expects valid markup in order to perform its cleaning..

Zombie Shotgun - The Zombie Shotgun provides protection against Microsoft Windows zombie attacks! It rejects requests from known "evil" user agents and to known nefarious URL paths. I dare say this is a useful middleware to throw in front of almost anything.

ImageSizer - This middleware adds an HTTP header to the HTTP response when serving images that provides the image's dimensions. It works with both static and dynamically generated images as it get used after your code has provided the image.

Firebug Logger - Adds logging to your Rack-powered app for use in the Firebug Firefox extension or Webkit/Safari's Inspector.

EnforceSSL - EnforceSSL lets you ensure that certain paths are only reached securely over HTTP/SSL. If a path denoted as sensitive is requested over regular HTTP, an HTTP 307 redirect will be issued (as an aside, I didn't know about HTTP 307 till now - it's worth reading about).

InlineUploader - This middleware sells itself! "Need inline uploads for files like the way GMail handles email attachements? InlineUploader makes it easy! InlineUploader provides a generic file upload endpoint and a way to attach uploaded files to subsequently submitted form data."

RefererControl - A middleware that restricts access to certain paths based on the Referer header. Rather than blocking people who have no referrer, however, this middleware is intended to enforce certain referrers so that users follow the intended flow of a site.

Rack::GoogleAnalytics - Rack::GoogleAnalytics automatically adds the Google Analytics tracking code into the HTML pages of your applications. A very simple middleware with code to match (so it's worth looking at if you want to try writing a basic middleware of your own), though I'm not sure whether this sort of thing should be in middleware to start with..

Rack::NoIE - This middleware is self described as "the coolest Rack middleware ever created." I'm not so sure about that but it does redirect Internet Explorer 6 users away from your Web site. Supposedly the CodeRack site itself uses this middleware!

BanHammer - A very simple middleware app that restricts access to specified IPv4/v6 addresses and ranges.

Rack::Codehighlighter - This middleware automatically applies a code highlighter (of your choice out of CodeRay, Syntax, and Ultraviolet) to any source code embedded within PRE tags in your HTML pages. This could be particularly handy if you're using a Ruby blogging tool that doesn't provide this feature.

Response Time Injector - Want the full app response time in the body of your served HTML someplace? This middleware substitutes any reference to "$responsetime" in your response body with the amount of time the response took. Could be handy for debugging. It even lets you specify a format to show the time in.

Probably Versioned - A middleware by Dr Nic Williams! Probably Versioned provides the ability to add a version reference into the URLs/routes for your application without affecting your app.. e.g. - As Nic explains, however, this is a precautionary tactic to ensure your users use future-proof URLs rather than a permanent fix as you're on your own when version 2 comes along ;-)

Rack::Proxy - Provides proxying abilities. For example, you could pass remote API calls through your own app/URL scheme. This is one of the middlewares that could probably go on to be a bigger deal with some serious extensions.

Server Proxy - From the name, Server Proxy sounds similar to Rack::Proxy, but Server Proxy is specifically for bypassing cross-domain access restrictions (from AJAX, say). It provides a simple way to proxy requests to remote APIs through your existing site, e.g. http://localhost:3000/server_proxy? - you'd need to beware of the security issues with this though!

Casrack the Authentication - A middleware that provides CAS (Central Authentication Service) support. CAS is a centralized authentication system initially developed by Yale. I'm not aware of CAS but it looks like a well put together middleware to solve a specific problem. Note: You'll need to be up to speed with Gemcutter to install it as a gem but the code is on GitHub too.

Rack::ChromeFrame - Recently Google released a plugin for Internet Explorer that provides its own Chrome browser's functionality within existing IE windows. This middleware makes the pages served demand the use of Google Chrome Frame on supported browsers.

Rakismet - Rakismet can pipe the comments your site received through the Akismet comment spam checker. There's no documentation here yet, but the code provides a nice example of interacting with Akismet that could be useful even if you don't use the middleware.

rupho.png[ad] Mobile Orchard's from Rubyist to iPhone programmer in 2 days class is coming to Portland/OR Nov 12-13 and Los Angeles/CA Nov 19-20. $1200 $799 with early reg and "inside" discount code.


  1. Gaius says:

    I forgot to mention that the "Casrack the Authenticator" gem is on Gemcutter, not Rubyforge, so for the gem install, you'll need "[sudo] gem install casrack_the_authenticator --source" unless you've already done the gem tumble (see

  2. Peter Cooper says:

    I wondered if it was Gemcutter. I wrote the post on a machine I hadn't yet installed it on so did so but still couldn't get it to work. I must have done something wrong. I'll update the post :) Thanks!

  3. Jason Seifer says:


  4. Ralph says:

    Thanks for your website. lets connect on Problogger Community

  5. Web Developer UK says:

    I want to see the intergratability for enterprise level applications
    Preferabaly adopters to j2ee stack or .net stack

Other Posts to Enjoy

Twitter Mentions