However this assumes that the site is hosted in some place where the firewall is easy to access. This is not always the case and even if it is you really do not want the sysadmin or developer to be having to drop everything just to make some small change to a firewall config (and as any sysadmin will tell you, THERE IS NO SUCH THING AS A SMALL CHANGE!)
It would be better if this were part of the app itself, it would mean that it was portable and under the developers control - or even the users control if the ip address was a user configurable option. Could you not go for username / password access first and then reject the user based on the ip address (a before filter that checks the ip address and / or the x-forwarded header)? This would work the same way but not require any hacking of Devise. Do you have only one ip address (set) / user combination or are there multiple users each of whom might come from different ip addresses. Just as if you were allowing several institutions access to a service. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
