我在我的公共頁面中有一個窗體,我想鎖定到內部IP範圍。我一直在回顧其他問題的答案,但是他們將整個網站都包含在內,我希望能夠將其限制在少數幾頁。我的確發現在ApplicationControllerRails 4白名單IP到單一路由
before_filter :protect
def protect
@ips = ['127.0.0.1', '203.123.10.1'] #And so on ...]
if not @ips.include? request.remote_ip
# Check for your subnet stuff here, for example
# if not request.remote_ip.include?('127.0,0')
render :text => "You are unauthorized"
return
end
end
是本作的Rails 3看一看架攻擊, https://github.com/kickstarter/rack-attack
例子:
Rack::Attack.blocklist('block 1.2.3.4 on login') do |req|
# Requests are blocked if the return value is truthy
req.path == '/login' && '1.2.3.4' == req.ip
end
您可以約束類,像這樣:
class DomainConstraint
def initialize
@domains = ['127.0.0.1', '203.123.10.1']
end
def matches?(request)
@domains.include? request.domain
end
end
然後執行它我您的routes.rb:
constraints DomainConstraint.new do
get 'protected_routes'
end
您試過使用這顆寶石嗎? –
我沒有,我會研究它。 – lostrennie
@lostrennie它看起來很棒/簡單的解決方案! –