How to use HTTP auth in Ruby on Rails? I hope only external IPs need to do that. For example, my internal IP is "192.168.1.0/24".

```ruby
class ApplicationController < ActionController::Base
  USER_ID, PASSWORD = "hello", "Passw0rd#"

  before_action :authenticate

  def authenticate
    authenticate_or_request_with_http_basic do |id, password|
      id == USER_ID && password == PASSWORD
    end
  end
end
```


Patrick Su
  • 1
    Maybe try adding `&& request.remote_ip == "my_ip_address"`, but why would you want to do this? It's a flawed approach – jamesc Jun 05 '23 at 06:55
  • 2
    I agree with @jamesc that it's probably a bad idea, but it should be `IPAddr.new('192.168.1.0/24').include?(request.remote_ip) || authenticate_or...` – Siim Liiser Jun 05 '23 at 08:14
  • @jamesc given that 192.168.xxx.yyy are not routable on the public internet (RFC 1918), what vulnerability do you see in this scheme? – Les Nightingill Jun 05 '23 at 14:15
  • @LesNightingill It's not just vulnerability; there are too many other issues to debate in a comment, but here are a few: routers get hacked all the time, it makes the app undeployable, IP addresses can change and then you have to change the code, and there are much, much better approaches – jamesc Jun 06 '23 at 02:10
  • My first reply was in haste, @SiimLiiser's comment is the correct approach, sorry – jamesc Jun 06 '23 at 02:13
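
The range check suggested in the comments, written out as plain Ruby so it runs without Rails (an added example, not code from the question or its comments). The function names are hypothetical; in a controller the `remote_ip` argument would be `request.remote_ip`, and `secure_equal?` stands in for `ActiveSupport::SecurityUtils.secure_compare`.

```ruby
require "ipaddr"
require "digest"

# Constructed values matching the question; a real app would load the
# credentials from its secrets store instead of hard-coding them.
INTERNAL_NET = IPAddr.new("192.168.1.0/24")
USER_ID      = "hello"
PASSWORD     = "Passw0rd#"

# Constant-time string comparison: hash both sides to equal length, then
# XOR every byte with no early exit, so timing does not leak a prefix match.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only for a parseable address inside INTERNAL_NET. Malformed input
# (e.g. a raw X-Forwarded-For list) counts as external: fail closed.
def internal_client?(ip)
  INTERNAL_NET.include?(IPAddr.new(ip.to_s))
rescue IPAddr::Error
  false
end

# Validates an "Authorization: Basic <base64(id:password)>" header value.
def basic_credentials_ok?(authorization)
  scheme, blob = authorization.to_s.split(" ", 2)
  return false unless scheme&.casecmp?("Basic") && blob
  id, password = blob.unpack1("m").split(":", 2)
  return false unless id && password
  # Non-short-circuit & so both comparisons always run.
  secure_equal?(id, USER_ID) & secure_equal?(password, PASSWORD)
end

# :allow for internal clients or valid credentials; :challenge means the
# caller should answer 401 with a WWW-Authenticate header.
def access_decision(remote_ip, authorization = nil)
  return :allow if internal_client?(remote_ip)
  basic_credentials_ok?(authorization) ? :allow : :challenge
end

# Constructed sample requests.
if __FILE__ == $PROGRAM_NAME
  good = "Basic " + ["hello:Passw0rd#"].pack("m0")
  p access_decision("192.168.1.42")       # internal, no prompt
  p access_decision("203.0.113.7")        # external, no credentials
  p access_decision("203.0.113.7", good)  # external, valid credentials
end
```

In Rails, `request.remote_ip` is derived from forwarding headers and the trusted-proxy list, so the range check is only as reliable as that configuration.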

0 Answers