
IP Address Filtering

I'm looking at implementing IP Address filtering for my Rails SaaS app. In a nutshell I want administrators to be able to specify one or more IP Addresses (or a range of IP Addresses) and then have my app only accept requests on their instance from the specified addresses.

I'm looking at using IPAddress (http://github.com/bluemonk/ipaddress) for the parsing/validating of each address/range of addresses. Is this a good fit or are there better/more appropriate libraries?

Has anyone implemented this kind of filtering who could describe an approach that has worked for them or are there any gotchas I need to worry about?

Alternatively, is there an existing Ruby library that handles all of this automatically that has managed to elude my Googling?

Many Thanks, Ash

asked Sep 21 '10 21:09

Ash




2 Answers

ipaddress is an awesome library (I know the author), but you probably won't need it unless you are planning to perform some advanced manipulation of IP Addresses.

In fact, the simplest way is to

  1. store the array of IP addresses to filter somewhere. You can use the string representation (192.168.1.1) or the long int representation. With the string version, you can even allow wildcards (192.168.1.*)

  2. then configure a before_filter in the controller that will load the list of banned IPs and perform a simple string match to check whether current request.ip_address (request.remote_ip in rails 3) matches a banned IP. If true, redirect to the error page.

As you can see, you don't even need to convert the IPs into IP objects, unless you need to perform other kinds of manipulation.

answered Sep 18 '22 16:09

Simone Carletti
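
An added example, not part of either answer or of any library mentioned on this page: one way to implement the per-instance allowlist check the question asks for, using Ruby's standard-library `IPAddr` so that CIDR ranges and the trailing-wildcard form from the answer above both work. It goes beyond plain string matching; the class name `IpAllowlist` and the sample addresses are assumptions made for illustration.

```ruby
require "ipaddr"

# Hypothetical helper (not from the page): compiles an administrator-supplied
# allowlist once, then answers "may this client address reach the instance?".
class IpAllowlist
  # entries: strings such as "203.0.113.7", "198.51.100.0/24" or "192.0.2.*"
  def initialize(entries)
    @ranges = entries.map { |e| parse_entry(e) }
  end

  # Fail closed: an unparseable client address is never allowed.
  def allow?(client_ip)
    addr = IPAddr.new(client_ip.to_s)
    addr = addr.native if addr.ipv4_mapped? # ::ffff:a.b.c.d -> a.b.c.d
    @ranges.any? { |range| range.family == addr.family && range.include?(addr) }
  rescue IPAddr::Error
    false
  end

  private

  # Converts a trailing-wildcard IPv4 pattern to CIDR and rejects anything
  # IPAddr cannot parse, so bad admin input is caught when the list is saved.
  def parse_entry(entry)
    text = entry.to_s.strip
    if text.include?("*")
      octets = text.split(".")
      fixed = octets.take_while { |o| o != "*" }
      trailing_only = octets.drop(fixed.size).all? { |o| o == "*" }
      unless octets.size == 4 && !fixed.empty? && trailing_only
        raise ArgumentError, "unsupported wildcard: #{entry}"
      end
      text = (fixed + ["0"] * (4 - fixed.size)).join(".") + "/#{fixed.size * 8}"
    end
    IPAddr.new(text)
  rescue IPAddr::Error
    raise ArgumentError, "invalid allowlist entry: #{entry}"
  end
end
```

In a controller filter, pass in the address Rails reports as `request.remote_ip`. Behind a reverse proxy that value is only reliable when the trusted proxies are configured correctly, because forwarded-for headers are client-supplied.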


A little late to the party, but since I was looking for something similar and bumped into this nice Ruby gem, I'll add it here to contribute to the thread. I like @simone's solution, but if you need more control then Rack::Attack may be a good choice.

https://github.com/kickstarter/rack-attack

Rack::Attack!!!

A DSL for blocking & throttling abusive clients

answered Sep 22 '22 16:09

chriskk