Menu
I'm looking at implementing IP Address filtering for my Rails SaaS app. In a nutshell I want administrators to be able to specify one or more IP Addresses (or a range of IP Addresses) and then my app only accept requests on their instance from the specified addresses.
I'm looking at using IPAddress (http://github.com/bluemonk/ipaddress) for the parsing/validating of each address/range of addresses. Is this a good fit or are there better/more appropriate libraries?
Has anyone implemented this kind of filtering who could describe an approach that has worked for them or are there any gotchas I need to worry about?
Alternatively, is there an existing Ruby library that handles all of this automatically that has managed to elude my Googling?
Many Thanks, Ash
290
Yes, we all know that IP filtering is effective and appropriate for some situations. For instance, IT professionals might want to block a specific subset of web traffic to their sites – maybe due to geographic location or by only allowing a certain allowlist of IP addresses.
In the Internet Protocol (TCP/IP) Properties dialog box, select Advanced. Select the Options tab. Select TCP/IP Filtering, and then select Properties. Click to select the Enable TCP/IP Filtering (All adaptors) check box.
You can use a source IP restriction to allow users to log in from only the access network, because logging in from any other network results in denial of network access. For example, you can use this configuration to prevent users from logging in from networks other than a wireless network.
ipaddress is an awesome library (I know the author), but you won't probably need it unless you are planning to perform some advanced manipulation of IP Addresses.
In fact, the most simple way is to
store the array of IP addresses to filter somewhere. You can use the string representation (192.168.1.1) or the long int representation. With the string version, you can even allow wildcards (192.168.1.*)
then configure a before_filter in the controller that will load the list of banned IPs and perform a simple string match to check whether current request.ip_address (request.remote_ip in rails 3) matches a banned IP. If true, redirect to the error page.
As you can see, you don't even need to convert the IPs into IP objects, unless you need to perform other kind of manipulations.
192
A little late to the party, but since I was looking for something similar and bumped into this nice Ruby gem I'll add it here to contribute to the thread. I like @simone's solution, but if you need a more control then Rack::Attack may be a good choice.
https://github.com/kickstarter/rack-attack
Rack::Attack!!!
A DSL for blocking & throttling abusive clients
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
