Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails 3 - Whitelisting list of IPs via routes

This is a two part question. I'm needing to restrict a rails site that I'm throwing on development server to only a few IP addresses, so the public can't access it. (Basic HTTP auth doesn't 'entirely' work as the auth breaks a Flash uploader in the project.)

Based on what I've Googled, this is what I've come up with in my routes file...

class WhitelistConstraint
  def initialize
    @ips = '127.0.0.1'
  end

  def matches?(request)
    @ips.include?(request.remote_ip)
  end
end

MyProject::Application.routes.draw do
  constraints WhitelistConstraint.new do
     # all my routing stuff here
  end
end

Works pretty good. However, I need to modify this in order to work with several IP addresses. I tried using a array on @ips, as well as looping through an each loop, but neither worked.

On top of that, the second part of my question...I may need to check only against a segment of the IP, like '127.0.0'. How would I do that?

like image 915
Shannon Avatar asked Apr 05 '11 14:04

Shannon


People also ask

How do I whitelist an IPs?

For example, to whitelist an IP address (to create IP whitelist), you first need to determine which devices or users are allowed access. Once you have a list of approved IP addresses, web applications, or users, you can add them to your whitelist using the network settings on your computer, router or firewall.

What is outbound IP whitelisting?

Outbound IP Whitelisting allows your org's users to connect to the BrowserStack domain ( browserstack.com ) through any corporate firewalls or proxy setups. This option is most frequently used when the security settings of organizations prevent connections from their internal computers to external endpoints.

Is whitelisting IPs secure?

IP whitelisting provides an easy and secure way to access private network resources. Below are the benefits of using a whitelist IP address: Improved Cloud Security.

What is IP whitelisting for API access?

Whitelisting IP addresses essentially means adding specific IP addresses that will be allowed to access DataForSEO API using your account. If you whitelist certain IPs, any IP that's not whitelisted will not be able to make API requests with your account's credentials.


1 Answers

what about using NetAddr::CIDR?

and something like this?

class WhitelistConstraint
  def initialize
    @ips = []
    @ips << NetAddr::CIDR.create('127.0.0.0/8')
    @ips << NetAddr::CIDR.create('192.168.0.0/16')
  end

  def matches?(request)
    valid = @ips.select {|cidr| cidr.contains?(request.remote_ip) }
    !valid.empty?
   end
 end

 MyProject::Application.routes.draw do
    constraints WhitelistConstraint.new do
     # all my routing stuff here
     end
 end 

This way you can specify the blocks of IPs that should be whitelisted, and not have to worry about the partial matches?

>> require 'netaddr'
=> true
>> @ips = []
=> []
>> @ips << NetAddr::CIDR.create('127.0.0.0/8')
=> [127.0.0.08]
>> @ips << NetAddr::CIDR.create('192.168.0.0/16')
=> [127.0.0.08, 192.168.0.016]
>> @ips.select { |c| c.contains? '192.168.10.1' }
=> [192.168.0.016]
>> @ips.select { |c| c.contains? '192.169.10.1' }
=> []
like image 100
Doon Avatar answered Oct 23 '22 01:10

Doon