Name: Restricting Access by IP Address
Uploaded: 2024-07-26 02:46:52 UTC
Duration: 4 min 22 s
Description: Learn to lock down your application or parts of your application by IP Addresses.

Restricting Access by IP Address

Episode #92 by

David Kimura

Aug 6, 2017

Previous (#91) Episode Next (#93)

Summary

Learn to lock down your application or parts of your application by IP Addresses.
rails security 4:22

Mark as Watched Watch Later

Resources

Source - https://github.com/driftingruby/092-restricting-access-by-ip-address

Additional Notes: Depending on the complexity and requirements of your application, you can also use advanced routing with constraints to achieve the same thing.

http://guides.rubyonrails.org/routing.html#advanced-constraints

Summary

# application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  # before_action :verify_ip_address

  private

  def verify_ip_address
    head :unauthorized if Whitelist.find_by(ip_address: request.remote_ip).nil?
    # if Whitelist.find_by(ip_address: request.remote_ip).nil?
      # redirect_to root_path, alert: 'Unauthorized access.'
    # end
  end
end

You may want to limit the size of the IP Address column to 16 characters or 45 for IPv6 support.

# whitelist_migration.rb
class CreateWhitelists < ActiveRecord::Migration[5.1]
  def change
    create_table :whitelists do |t|
      t.string :ip_address, limit: 16 # 45 Characters for IPv6 support

      t.timestamps
    end
    add_index :whitelists, :ip_address
  end
end

# welcome_controller.rb
class WelcomeController < ApplicationController
  # skip_before_action :verify_ip_address, only: :index
  before_action :verify_ip_address, only: :restricted
  def index
  end

  def restricted
  end
end

Learning Paths

Video Logs new

Blog

Merchandise

Forums new

Summary

Resources

Summary