With Rails 3 routes, how do you only allow a requests from 127.0.0.1?

Question

I'm writing an app where several of the routes should only be accessible from localhost. It looks like this is possible with the new routing system.

http://www.railsdispatch.com/posts/rails-3-makes-life-better

This has examples of restricting routes based on IP address, and setting up an IP address blacklist for your routes, but I'm interested in a whitelist with just one IP address.

It would be cool if something like this worked:

get "/posts" => "posts#show", :constraints => {:ip => '127.0.0.1'}

But it didn't. Am I just missing the right syntax?

Answer 1

following the example in Yehuda's post, you shoud create an approriate object to handle complex constraints. so, just editing that example could help. there's a line of code which checks if some ip is blacklisted:

[email protected]?(request.remote_ip)

you should write similar logic (but simpler) that checks if request.remote_ip == 127.0.0.1