1

I have the whitelabel working as follows in my application controller:

before_filter :protect

def protect
  @ips = ['127.0.0.1', '203.123.10.1'] #And so on ...]
  if not @ips.include? request.remote_ip
     # Check for your subnet stuff here, for example
     # if not request.remote_ip.include?('127.0,0')
     render :text => "You are unauthorized"
     return
  end
end

I'd like to add the option that IF your IP is not whitelisted, you can enter a password to see the page.

There is no user model on this application (we only use it to display company metrics at the office (one page view) and want to be able to access the site at home/on mobile without having to constantly update ip's)

Thanks for any help

samgamgi
  • 13
  • 4
  • possible duplicate of [How can you add IP restrictions to your rails app?](http://stackoverflow.com/questions/7101629/how-can-you-add-ip-restrictions-to-your-rails-app) – lcguida Sep 24 '14 at 18:50
  • 1
    @rockskull if it is, i'm not seeing the part where it would require a password if the IP is not whitelisted -- maybe i'm missing something? – samgamgi Sep 24 '14 at 18:56
  • I would go with Devise for regular login + [create a custom strategy](http://stackoverflow.com/questions/4223083/custom-authentication-strategy-for-devise) for IP auth. Didn't try anything like that before though. – Mike Szyndel Sep 25 '14 at 07:12

1 Answers1

5

You can use the basic authentication, like below for your case:

def protect
  @ips = ['127.0.0.1', '203.123.10.1'] #And so on ...]
  if not @ips.include? request.remote_ip
     if user = authenticate_with_http_basic { |u, p| u=='username' and p=='secret' }
          @current_user = user
     else
          request_http_basic_authentication
     end
  end
end
Wenbing Li
  • 12,289
  • 1
  • 29
  • 41