CODEWITHSUNDEEP
rubyruby-on-rails-3routesipfirewall
dannymcc
dannymcc

Reputation: 3814

Different Rails route if IP not in list?

I have a Rails 3.2.2 application which is a simple company intranet, however although there isn't any private information on there it's probably best if it was fairly secure from the outside world.

We do however have people working from home on fairly regular occasions that don't have a VPN setup.

Currently I have a firewall rule that blocks everyone except a list of our teams/branches static IP addresses. The problem with this is when a team member visits the site from home the site never loads because the firewall rejects them. What I would like to do is serve a simple page within the application explaining why they don't have "full" access.

The firewall is serving multiple applications, so I can't put the access denied page on there

I have read a few questions on SO such as Get real IP address in local Rails development environment which show how to get their IP address, but I'm unsure how to alter a default route based on that.

Upvotes: 0

Views: 867

Answers (2)

cbron
cbron

Reputation: 4044

To expand on Robin's Whitelist method, here is my solution using multiple partial whitelisted ip's

class WhitelistConstraint
   def initialize
     @ips =  ["127.0", "10.0.0.0/1"]

   end

   def matches?(request)
    [email protected]{|req| request.remote_ip.include?(req) }.empty?
   end
end

Upvotes: 0

Robin
Robin

Reputation: 21884

Dae raises a good point in the comments, but just so you know:

http://guides.rubyonrails.org/routing.html#advanced-constraints

class BlacklistConstraint
   def initialize
     @ips = Blacklist.retrieve_ips
   end

   def matches?(request)
    @ips.include?(request.remote_ip)
   end
end

YourApp::Application.routes.draw do
  match "*path" => "blacklist#index", :constraints => BlacklistConstraint.new
end

Upvotes: 2

Related Questions