It seems most people advice going with some sort of hardware solution in load balancers for DOS attacks. I notice if you try to do a curl on any major/semi-major website you get a 301.
For someone with a modest budget, what's the best way to protect against DOS attacks in rails, if there is no solid solution, what's the 2nd best thing someone can do?
Honestly, CDN's aren't that expensive if you're really getting some interesting traffic. Otherwise have you looked at BFD? Link
I've used BFD on some of our old servers and it was pretty nice. Not sure how secure it actually is, we never actually got DOS'd (thankfully).
for RoR applications you probably will use a proxy before the application servers, that server could be configured to protect from simple DoS attacks.
for example the HAProxy can be configured like that: antidos.cfg
and nginx probably has the same functionality.