We use something similar to disable login for API calls from within our company network. Looks something like this:

    require "ipaddr"

    skip_before_action :authenticate_user!
    before_action :verify_user

    # CIDR ranges allowed to call the API without logging in.
    ALLOWED_IP_ADDRESS_RANGES = %w(127.0.0.0/24)

    # Reject the request unless the client IP falls inside an allowed range.
    def verify_user
      allowed = ALLOWED_IP_ADDRESS_RANGES.any? do |addr|
        range = IPAddr.new(addr)
        range.include? IPAddr.new(request.ip)
      end
      unless allowed
        render plain: "Unauthorized", status: Foo::STATE_IP_NOT_IN_RANGE
      end
    end
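
A fail-closed version of the same range check as a standalone helper, added here as an example and not part of the original comment. `ip_allowed?`, `ALLOWED_RANGES` and the 10.20.0.0/16 subnet are hypothetical names and constructed sample values; it goes beyond the snippet above by rejecting unparseable input and by comparing IPv4-mapped IPv6 addresses as IPv4.

```ruby
require "ipaddr"

# Constructed sample ranges (assumption): loopback plus one internal subnet.
# Parsed once at load time instead of on every request.
ALLOWED_RANGES = %w[127.0.0.0/24 10.20.0.0/16 ::1/128].map { |cidr| IPAddr.new(cidr) }.freeze

# Hypothetical helper: true only when raw_ip parses as a single address
# and falls inside one of the ranges. Anything else is denied.
def ip_allowed?(raw_ip, ranges = ALLOWED_RANGES)
  return false unless raw_ip.is_a?(String) && !raw_ip.strip.empty?

  addr = IPAddr.new(raw_ip.strip)
  # A dual-stack listener can report an IPv4 peer as ::ffff:a.b.c.d;
  # convert it so it is matched against the IPv4 ranges.
  addr = addr.native if addr.ipv4_mapped?
  ranges.any? { |range| range.family == addr.family && range.include?(addr) }
rescue IPAddr::Error
  # Malformed input (garbage, out-of-range octets, comma-separated lists)
  # is treated as "not allowed" rather than raising out of the filter.
  false
end
```

Note that 127.0.0.0/24 covers only 127.0.0.0 through 127.0.0.255, so an address such as 127.0.1.1 is outside it.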