Easy whitelist firewalling for Rails 3+4 route constraints
gem 'firewall_constraint'
Or:
gem install firewall_constraint
##Example
config/routes.rb:
get 'dummy/index' => 'dummy#index'
get 'dummy/blocked_by_inline' => 'dummy#blocked_by_inline', :constraints => FirewallConstraint.new
constraints FirewallConstraint.new do
get 'dummy/blocked_by_block' => 'dummy#blocked_by_block'
end
constraints FirewallConstraint.new(['127.0.0.1']) do
get 'dummy/blocked_by_dynamic' => 'dummy#blocked_by_dynamic'
end
constraints FirewallConstraint.new(Proc.new{['127.0.0.1']}) do
get 'dummy/blocked_by_proc'
end
##Configuration
Uses a config file if ips are not provided on instantiation
config/firewall_constraint.yml:
test:
- 10.0.0.0/8
##Advanced Usage
You can also do DB-based whitelisting using the Proc-based whitelisting method:
app/models/valid_ip.rb:
class ValidIp < ActiveRecord::Base
end
config/routes.rb:
constraints FirewallConstraint.new(Proc.new{ValidIp.pluck(:ip)}) do
get '/blah'
end
##Notes
Because parsing IPs with the IPAddress can take some time, this gem will only reparse ips returned by the Proc method if they have changed. Make sure you return your ips in the same order to avoid unnecessary reparsing.