Mimic.htaccess or some other type of password protection with webrick

Question

Mimic.htaccess or some other type of password protection with webrick

I have a rail application that I like to develop on the server much more than locally, a slow computer, the problem is even that the server has a great development environment. I need a way to look at the pages I'm working on,

It is quite easy if I did not care that the application was visible to the public, but it could not be seen anywhere except for the production server.

So, I had the idea of just putting the basic httpauth, and then only I see the rails application, but it is still hosted on the server.

If I did this with apache / php, I would just use the .htaccess file to protect the directory, but I don’t know how to protect the application from the public with WEBrick.

If anyone has any ideas, I would really like for me to not have any code changes or just code changes in the files, I can .gitignore, so deployment is still easy.

+6

security ruby-on-rails .htaccess webrick

austinbv Nov 15 '11 at 20:09

source share

4 answers

This question Ruby Webrick HTTP authentication seems to give an answer

Here is a link to Webrick docs . It sounds like you need something like this from the link above:

 realm = "Gnome realm" start_webrick {|server| server.mount_proc('/convenient_basic_auth') {|req, resp| HTTPAuth.basic_auth(req, resp, realm) {|user, pass| # this block returns true if # authentication token is valid user == 'gnome' && pass == 'supersecretpassword' } resp.body = "You are authenticated to see the super secret data\n" } }

and link to rdocon WEBrick / HTTPAuth

 config = { :Realm => 'DigestAuth example realm' } htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file' htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth htpasswd.set_passwd config[:Realm], 'username', 'password' htpasswd.flush

+2

Paul rubel Nov 18 '11 at 16:17

source share

I'm sorry if I'm missing something, but why don't you work with Rails's built-in HTTP authentication?

 class ApplicationController < ActionController::Base protect_from_forgery http_basic_authenticate_with :name => "dhh", :password => "hatezgroupon", :if => lambda { Rails.env.development? } end

+2

twmills Nov 24 '11 at 2:06

source share

If you are not stuck with WEBrick, the best solution would be to use nginx, which is a proxy for a unicorn. Here is a good tutorial: here

+1

LanguagesNamedAfterCofee Nov 21 '11 at 1:11

source share

Harish shetty · Accepted Answer · 2011-11-21T00:18:59+0000

You can restrict access using basic auth or IP white listing

on the rack

Basic Auth

Add to your config/environments/development.rb

following:

 config.middleware.use Rack::Auth::Basic, "Beta Access" do |username, password| 'secret' == password end

IP White Listing

I found two stones for this purpose:

rack-auth-ip

rack-ip-whitelist

I would use rack-auth-ip , as it has been for some time. Add to your config/environments/development.rb

 config.middleware.use Rack::Auth::IP, %w( YourIPAddress )

Now the instance is available only if the source IP is in the white list.

Mimic.htaccess or some other type of password protection with webrick

More articles: