How can you block or filter IP addresses on Heroku?

ruby-on-rails security heroku ip rack
Matt Smith picture Matt Smith · Aug 27, 2012 · Viewed 11.8k times · Source

Is there a way to implement IP filtering or IP access rules much like I would with nginx/apache to restrict or block certain IPs on Heroku?

Note: I know this can be done from within my application (Rails 3.2) very easily but I don't think this is the most efficient use of my resources on Heroku. Also, a Rack based solution would be better than implementing the filtering in Rails.

Answer

Phil picture Phil · Oct 10, 2014

You should check out rack-attack. Looks like it does the same as rack-block, but is much more widely used and updated frequently. To block a specific IP you can do this:

# Block requests from 1.2.3.4
Rack::Attack.blacklist('block 1.2.3.4') do |req|
  # Requests are blocked if the return value is truthy
  '1.2.3.4' == req.ip
end

Related questions

Is it secure to store passwords as environment variables (rather than as plain text) in config files?

I work on a few apps in rails, django (and a little bit of php), and one of the things that I started doing in some of them is storing database and other passwords as environment variables rather than plain …

Read More
How to use secrets.yml for API_KEYS in Rails 4.1?

In one of my recent projects I started out by .gitignoring the files containing secrets and environment variables. So the entire project is committed to the repo except the files that contain third party secrets such as that of Stripe, …

Read More
Is this Rails JSON authentication API (using Devise) secure?

My Rails app uses Devise for authentication. It has a sister iOS app, and users can log in to the iOS app using the same credentials that they use for the web app. So I need some kind of API …

Read More