
Mimic .htaccess or some other type of password protecting with webrick

I have a Rails app that I enjoy developing on a server much more than locally (slow computer). The problem is that even though the development environment on the server is great, I need a way to look at the pages I am working on live.

This would be pretty easy if I didn't care about the app being visible to the public, but it cannot be visible anywhere except on the production server.

So I had the idea of just putting basic HTTP auth up so that only I can see the Rails app while it is still hosted on the server.

If I were doing this with Apache/PHP, I would just use a .htaccess file to protect the directory, but I have no clue how to protect the application from the public using WEBrick.

If anyone has any idea, I really would like to have no code changes, or only code changes in files I can .gitignore, so deployment is still easy.

austinbv asked Nov 15 '11 20:11


2 Answers

You can restrict access by using Rack-based basic auth or IP whitelisting.

Basic Auth

Add the following to your config/environments/development.rb

config.middleware.use Rack::Auth::Basic, "Beta Access" do |username, password|
  'secret' == password
end

IP White Listing

I found two gems for this purpose:

rack-auth-ip

rack-ip-whitelist

I would use rack-auth-ip as it has been there for some time. Add the following to your config/environments/development.rb

config.middleware.use Rack::Auth::IP, %w( YourIPAddress )

Now, the instance is accessible only if the originating IP is in the white list.

Harish Shetty answered Sep 20 '22 00:09
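
Added example, not part of the original answer and not Rack's own code: a Rack-compatible Basic auth middleware written against the standard library only, showing the same check as the Rack::Auth::Basic block above but with strict header parsing, a constant-time comparison, and credentials passed in by the caller (for instance from environment variables set in a git-ignored file). The class name DevBasicAuth and the sample credentials are assumptions made for illustration.

```ruby
require 'digest'

# Added example: Rack-style middleware (an object responding to call(env)).
class DevBasicAuth
  def initialize(app, realm:, user:, password:)
    # Fail closed: refuse to start with an empty secret.
    raise ArgumentError, 'password must not be empty' if password.to_s.empty?
    @app = app
    @realm = realm
    # Keep fixed-length digests so comparisons never depend on input length.
    @user_digest = Digest::SHA256.digest(user.to_s)
    @pass_digest = Digest::SHA256.digest(password.to_s)
  end

  def call(env)
    user, pass = credentials(env['HTTP_AUTHORIZATION'])
    return @app.call(env) if user && valid?(user, pass)
    [401, { 'content-type' => 'text/plain',
            'www-authenticate' => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
  end

  private

  # Parses "Basic <base64(user:pass)>"; returns nil for anything malformed.
  def credentials(header)
    scheme, token = header.to_s.split(' ', 2)
    return nil unless scheme&.casecmp?('basic') && token
    decoded = token.strip.unpack1('m0') # strict Base64, raises on bad input
    decoded.include?(':') ? decoded.split(':', 2) : nil
  rescue ArgumentError
    nil
  end

  # Checks user and password without short-circuiting (& rather than &&).
  def valid?(user, pass)
    same?(Digest::SHA256.digest(user), @user_digest) &
      same?(Digest::SHA256.digest(pass), @pass_digest)
  end

  # Compares every byte of two equal-length digests, with no early exit.
  def same?(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

It takes the same position in config/environments/development.rb as the Rack::Auth::Basic line, with user and password read via ENV.fetch so that a missing variable stops the server from booting unprotected. Basic auth sends the credentials on every request, so this only protects the dev instance when it is reached over TLS or a tunnel.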


This question, "Ruby Webrick HTTP Authentication", seems to give an answer.

Here's a link to some Webrick docs. It looks like you need something like so, from the above link:

realm = "Gnome's realm"
start_webrick {|server|
  server.mount_proc('/convenient_basic_auth') {|req, resp| 
    HTTPAuth.basic_auth(req, resp, realm) {|user, pass|
      # this block returns true if
      # authentication token is valid
      user == 'gnome' && pass == 'supersecretpassword'
    }
    resp.body = 
      "You are authenticated to see the super secret data\n"
  }
}

and a link to the rdoc on WEBrick/HTTPAuth

require 'webrick'

config = { :Realm => 'DigestAuth example realm' }

# Create (or update) a password file holding digest credentials for the realm
htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

Paul Rubel answered Sep 22 '22 00:09