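I have a form on my public page that I want to lock down to an internal IP range. I have been looking at answers to other questions, but they cover the whole site, and I want to be able to restrict it to just a few pages. What I found is this, for ApplicationController: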

    before_filter :protect

    def protect
      @ips = ['127.0.0.1', '203.123.10.1'] # And so on ...
      if not @ips.include? request.remote_ip
        # Check for your subnet stuff here, for example
        # if not request.remote_ip.include?('127.0.0')
        render :text => "You are unauthorized"
        return
      end
    end

Answer 0 (score: 0)

Take a look at Rack::Attack: https://github.com/kickstarter/rack-attack

Example:

    Rack::Attack.blocklist('block 1.2.3.4 on login') do |req|
      # Requests are blocked if the return value is truthy
      req.path == '/login' && '1.2.3.4' == req.ip
    end

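Answer 1 (score: 0)

You can make a constraint class like this:

    class DomainConstraint
      def initialize
        @domains = ['127.0.0.1', '203.123.10.1']
      end

      def matches?(request)
        # Compare the client address: request.domain returns the domain
        # name of the requested host, never the caller's IP.
        @domains.include? request.remote_ip
      end
    end

Then in routes.rb:

    constraints DomainConstraint.new do
      get 'protected_routes'
    end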
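
The question asks for an IP range rather than a fixed list of addresses, so here is a CIDR-aware variant of the routing constraint as an added example (not code from the original posts). The class name, the `203.123.10.0/24` range, the route in the comment and the `FakeRequest` stand-in are assumptions made for illustration.

```ruby
require 'ipaddr'

# Routing constraint that admits a request only when the client address
# falls inside one of the configured CIDR ranges.
class InternalNetworkConstraint
  # Constructed sample ranges (assumption): loopback plus one office subnet.
  DEFAULT_RANGES = %w[127.0.0.0/8 ::1/128 203.123.10.0/24].freeze

  def initialize(ranges = DEFAULT_RANGES)
    @ranges = ranges.map { |cidr| IPAddr.new(cidr) }
  end

  # Rails calls matches? with the request object for each candidate route.
  def matches?(request)
    allowed_ip?(request.remote_ip)
  end

  def allowed_ip?(raw)
    ip = IPAddr.new(raw.to_s)
    # Treat ::ffff:203.123.10.7 the same as 203.123.10.7.
    ip = ip.native if ip.ipv4_mapped?
    @ranges.any? { |range| range.family == ip.family && range.include?(ip) }
  rescue IPAddr::Error
    # Unparseable address: fail closed.
    false
  end
end

# In config/routes.rb (hypothetical route and controller):
#   constraints InternalNetworkConstraint.new do
#     get 'internal_form', to: 'forms#new'
#   end

# Stand-in for the Rails request so the class can be exercised without Rails.
FakeRequest = Struct.new(:remote_ip)

if __FILE__ == $PROGRAM_NAME
  constraint = InternalNetworkConstraint.new
  %w[203.123.10.1 ::ffff:203.123.10.7 203.123.11.1 not-an-ip].each do |addr|
    puts "#{addr}: #{constraint.matches?(FakeRequest.new(addr))}"
  end
end
```

`request.remote_ip` is derived from forwarding headers according to the application's trusted-proxy configuration, so the allowlist is only as reliable as that configuration.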