This is a two part question. I'm needing to restrict a rails site that I'm throwing on development server to only a few IP addresses, so the public can't access it. (Basic HTTP auth doesn't 'entirely' work as the auth breaks a Flash uploader in the project.)
Based on what I've Googled, this is what I've come up with in my routes file...
class WhitelistConstraint
def initialize
@ips = '127.0.0.1'
end
def matches?(request)
@ips.include?(request.remote_ip)
end
end
MyProject::Application.routes.draw do
constraints WhitelistConstraint.new do
# all my routing stuff here
end
end
Works pretty good. However, I need to modify this in order to work with several IP addresses. I tried using a array on @ips, as well as looping through an each loop, but neither worked.
On top of that, the second part of my question...I may need to check only against a segment of the IP, like '127.0.0'. How would I do that?
I didn't know you could do this through routes, my approach would be to just have a before_filter in the ApplicationController and just have something that does:
before_filter :protect
def protect
@ips = ['127.0.0.1', '203.123.10.1'] #And so on ...]
if not @ips.include? request.remote_ip
# Check for your subnet stuff here, for example
# if not request.remote_ip.include?('127.0.0.1')
render :text => "You are unauthorized"
return
end
end