Reputation: 2340
IP Address Filtering
I'm looking at implementing IP Address filtering for my Rails SaaS app. In a nutshell I want administrators to be able to specify one or more IP Addresses (or a range of IP Addresses) and then my app only accept requests on their instance from the specified addresses.
I'm looking at using IPAddress (http://github.com/bluemonk/ipaddress) for the parsing/validating of each address/range of addresses. Is this a good fit or are there better/more appropriate libraries?
Has anyone implemented this kind of filtering who could describe an approach that has worked for them or are there any gotchas I need to worry about?
Alternatively, is there an existing Ruby library that handles all of this automatically that has managed to elude my Googling?
Many Thanks, Ash
Upvotes: 9
Views: 5810
Answers (3)
Reputation: 51
A little late to the party, but since I was looking for something similar and bumped into this nice Ruby gem I'll add it here to contribute to the thread. I like @simone's solution, but if you need a more control then Rack::Attack may be a good choice.
https://github.com/kickstarter/rack-attack
Rack::Attack!!!
A DSL for blocking & throttling abusive clients
Upvotes: 5
Reputation: 176552
ipaddress is an awesome library (I know the author), but you won't probably need it unless you are planning to perform some advanced manipulation of IP Addresses.
In fact, the most simple way is to
store the array of IP addresses to filter somewhere. You can use the string representation (192.168.1.1) or the long int representation. With the string version, you can even allow wildcards (192.168.1.*)
then configure a
before_filterin the controller that will load the list of banned IPs and perform a simple string match to check whether currentrequest.ip_address(request.remote_ipin rails 3) matches a banned IP. If true, redirect to the error page.
As you can see, you don't even need to convert the IPs into IP objects, unless you need to perform other kind of manipulations.
Upvotes: 7
Reputation: 1165
I think you can achieve what you want using Rails 3 built-in routing features. Gregg Pollack introduces Rails 3 Action Dispatch and mentions (from the screencast) :constraints => {:ip => /192\.168\.1\.\d{1,3}}/} option where you can supply a regular expression matching the IP address range you want to allow.
Extending that a bit more, looking at the Advanced constraints and their example demonstrates pulling a list of blacklisted IPs out from the database and checking if the request.remote_ip is in the list of blacklisted IPs. It looks like you want a list of accepted (aka whitelist IPs) but the code would be nearly identical to the example in Rails guides.
So I would build your admin view to be able to input approved IP addresses, then the application routing can pull this list for incoming requests.
Upvotes: 3
Related Questions
- Rails 3 - Whitelisting list of IPs via routes
- rails redirect base on ip address
- Restricting Access to Rails App based on IP-Address
- How do you block specific IP adress in Ruby on Rails
- Rails 2.3.8 Gem to whitelist ip addresses
- Whitelisting list of IPs with some subnets in Rails 3 application
- Rails 3 - getting and comparison of IP address
- How can you add IP restrictions to your rails app?
- Rails - Block all but certain IP address
- How can I prevent access by a certain IP in Rails?