I quickly glanced at the code and it doesnt appear to be doing all that much. Basically it maintains a white and black list of IPs. While it cannot be that much of a crazy performance hit you’d probably be better off doing this kind of request analyzing in a Rack middleware, that is before it even gets to the Rails request handling.

That being said, I dont like the fact that it will re-sync every 5 minutes DURING processing a given request. That is, it will block the current request while it re-syncs its ruleset / and lists. Which means that you’re at the mercy of the Detrusion.com team to keep their site/API up. So when they go down you go down.

While its not as real-timey, I’d feel more comfortable to have the updating process be out of bound. Maybe you store the rules/lists in a flat file or a local DB (Redis would be perfect) which you load on app start. Then you have a frequent cron which reloads the ruleset from Detrusion and writes it locally.

Something like that. Just anything to de-couple your request handling from a Detrusion API check.