Rack::Access ã§ IP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™

Rails ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ IP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™ãŒå¿…è¦ã«ãªã£ãŸéš›ã«ã¯ã€åŸºæœ¬çš„ã«ä¸Šä½ã®ãƒªãƒãƒ¼ã‚¹ãƒ—ãƒã‚ã‚·ï¼ˆApache ã¨ã‹ Nginx ã¨ã‹ï¼‰ã§è¡Œã†ã“ã¨ãŒå¤šã„ã¨æ€ã„ã¾ã™ãŒã€ä¸€æ–¹ã§ Rails æœ¬ä½“ã§åˆ¶é™ã‚’ã‹ã‘ãªã‘ã‚Œã°ãªã‚‰ãªã„ã“ã¨ã‚‚ã‚ã‚Šã¾ã™ï¼ˆHeroku ã ã¨ã‹ï¼‰

ã§ã‚‚ãã‚Œã‚’ Rails ã® controller å±¤ã¨ã‹ã§å®Ÿè£…ã™ã‚‹ã®ã¯ã¡ã‚‡ã£ã¨å«Œã§ã™ã‚ˆãã€‚ç‰¹ã«ãƒ“ã‚¸ãƒã‚¹ãƒã‚¸ãƒƒã‚¯ã§ã¯ãªã„ã“ã¨ãŒå¤šã„ã§ã™ã—ã€‚

ã¨ã„ã†ã‚ã‘ã§ã€IP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™ã‚’ Rack Middleware å±¤ã§å®Ÿè£…ã—ãŸ Rack::Access ã¨ã„ã†ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’ä½¿ã£ã¦ã¿ã¾ã—ãŸã€‚ã“ã‚Œã¯ GitHub - rack/rack-contrib: Contributed Rack Middleware and Utilities ã«å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ä½¿ã„æ–¹ã¯ Gemfile ã«æ›¸ã„ã¦ bundle ã—ã¦ config/application.rb ã«è¨å®šã‚’æ›¸ã„ã¦å®Œäº†ã§ã™ã€‚

Gemfile:

gem 'rack-contrib', :require => 'rack/contrib'

config/application.rb

config.middleware.use "Rack::Access", '/' => [ '127.0.0.1',  '192.168.1.0/24' ]

ã“ã‚Œã§ 127.0.0.1 ã‚ã‚‹ã„ã¯ 192.168.1.0/24 ä»¥å¤–ã‹ã‚‰ã®ã‚¢ã‚¯ã‚»ã‚¹ã«ã¯ Forbidden ã‚’è¿”ã™ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

å½“ç„¶ã€å®Ÿè¡Œç’°å¢ƒã«ã‚ˆã£ã¦ç•°ãªã‚‹åˆ¶é™ã‚’ã‹ã‘ã‚‹ã“ã¨ã«ãªã‚‹ã¨æ€ã„ã¾ã™ã€‚ãã‚Œãžã‚Œ environments/ ä»¥ä¸‹ã«æ›¸ã„ã¦ã‚‚ã„ã„ã¨æ€ã†ã®ã§ã™ãŒã€é¢å€’ãªã®ã§è‡ªåˆ†ã¯ YAML ã«æ›¸ãã¾ã—ãŸã€‚

config/application.rb

config.middleware.use "Rack::Access", YAML.load(open(Rails.root + "config/access.yml", &:read))[Rails.env]

config/access.yml

localnet: &localnet
  /:
    - 127.0.0.1
    - 192.168.1.0/24

development:
  <<: *localnet

test:
  <<: *localnet

production
  /:
    - xxx.xxx.xxx.xxx # å…¬é–‹å¯¾è±¡ã‚¢ãƒ‰ãƒ¬ã‚¹

å‹•çš„ã«åˆ¶é™ã‚’å¤‰æ›´ã™ã‚‹ã¨ã„ã†ä½¿ã„æ–¹ã‚’ã—ãŸã‘ã‚Œã°ã‚‚ã†å°‘ã—è¤‡é›‘ã«ã—ãªã‘ã‚Œã°ã„ã‘ã¾ã›ã‚“ãŒï¼ˆä¸€å¿œã§ãã‚‹ã¯ãšï¼‰ã€ã‚¤ãƒ³ãƒˆãƒ©å‘ã‘ã‚¢ãƒ—ãƒªãªã©ã§ã¯ã“ã®ç¨‹åº¦ã§ååˆ†ã§ã¯ãªã„ã§ã—ã‚‡ã†ã‹ã€‚

ã‚‚ã¡ã‚ã‚“ Rack middleware ãªã®ã§ã€ Rails ä»¥å¤–ã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã‚‚åŒæ§˜ã«ä½¿ãˆã‚‹ã®ãŒã„ã„ã§ã™ãã€‚