Introducing Alpaca: A Rack Middleware for Blocking IPs

I wrote a gem. Meet Alpaca (outta nowhere). It’s a Rack middleware gem that lets developers quickly and easily manage IP whitelists and blacklists. The motivation is to address specific security concerns such as malicious clients or denial of service.

Alpaca supports IPv4 and IPv6. It can whitelist or blacklist:

  • Globally across the application
  • All controller actions
  • Subset of controller actions

Each of these scopes can be whitelisted or blacklisted by a single IP, a range of IPs, or hostnames. Configuration is done in YAML in config/alpaca.yml. Here’s an example:

# The defaults below are reserved IPv4 and IPv6 addresses used for testing.
# Replace the IP addresses in this configuration file with your own.

whitelist:
  - 0.0.0.1
  - 198.18.0.0/15
  - "::/128"
blacklist:
  - 0.0.0.1
  - 0.0.0.2
  - "2001:db8::/32"
default: allow
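
To make the semantics of this file concrete, here is an added example (not Alpaca's own code) that evaluates a client address against the same configuration using only Ruby's standard library. The helper names, the IpFilter class and the whitelist-before-blacklist order are assumptions; this page does not state how Alpaca resolves an address such as 0.0.0.1 that appears in both lists.

```ruby
require "yaml"
require "ipaddr"

# The configuration shown above, embedded inline so the example runs offline.
SAMPLE_CONFIG = YAML.safe_load(<<~YML)
  whitelist:
    - 0.0.0.1
    - 198.18.0.0/15
    - "::/128"
  blacklist:
    - 0.0.0.1
    - 0.0.0.2
    - "2001:db8::/32"
  default: allow
YML

# Hypothetical helper: turn single IPs and CIDR strings into IPAddr ranges.
def parse_list(entries)
  Array(entries).map { |entry| IPAddr.new(entry.to_s) }
end

# Assumption: the whitelist is consulted first, then the blacklist, and
# anything unlisted falls through to `default`. Empty or unparseable
# addresses are denied (fail closed).
def decide(config, remote_ip)
  return :deny if remote_ip.to_s.empty?
  ip = IPAddr.new(remote_ip.to_s)
  return :allow if parse_list(config["whitelist"]).any? { |r| r.include?(ip) }
  return :deny  if parse_list(config["blacklist"]).any? { |r| r.include?(ip) }
  config["default"].to_s == "allow" ? :allow : :deny
rescue IPAddr::Error
  :deny
end

# Minimal Rack-style middleware (plain Ruby, no rack gem): 403 on deny.
class IpFilter
  def initialize(app, config)
    @app = app
    @config = config
  end

  def call(env)
    # REMOTE_ADDR is the socket peer; behind a reverse proxy that is the
    # proxy's address, so the filter then sees the proxy, not the client.
    if decide(@config, env["REMOTE_ADDR"]) == :deny
      return [403, { "content-type" => "text/plain" }, ["Forbidden\n"]]
    end
    @app.call(env)
  end
end
```

With `default: allow` the blacklist is the only thing that blocks traffic; switching to `default: deny` turns the whitelist into the only way in.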

The gem can also block IPs at the controller level. This is useful for restricting certain API resources or specific endpoints to certain IP addresses. I wrote Alpaca primarily for this reason. I needed to satisfy some organizational security requirements in a production setting.

For more information about the implementation details, you can read the README.