NAME

Plack::Middleware::Access - Restrict access depending on remote ip or other parameters

VERSION

version 0.3

SYNOPSIS

# in your app.psgi
use Plack::Builder;

builder {
  enable "Access" rules => [
      allow => "goodhost.com",
      allow => sub { <some code that returns true, false, or undef> },
      allow => "192.168.1.5",
      deny  => "192.168.1.0/24",
      allow => "192.0.0.10",
      deny  => "all"
  ];
  $app;
};

DESCRIPTION

This middleware is intended for restricting access to your app by some users. It is very similar with allow/deny directives in web-servers.

CONFIGURATION

rules

A reference to an array of rules. Each rule consists of directive allow or deny and their argument. Rules are checked in the order of their record to the first match. Code rules always match if they return a defined non-zero value. Access is granted if no rule matched.

Argument for the rule is a one of four possibilites:

"all"

Always matched. Typical use-case is a deny => "all" in the end of rules.

remote_host

Matches on domain or subdomain of remote_host if it can be resolved. If $env{REMOTE_HOST} is not set, the rule is skipped.

ip

Matches on one ip or ip range. See Net::IP for detailed description of possible variants.

code

An arbitrary code reference for checking arbitrary properties of the request. This function takes $env as parameter. The rule is skipped if the code returns undef.

deny_page

Either an error message which is returned with HTTP status code 403 ("Forbidden" by default), or a code reference with a PSGI app to return a PSGI-compliant response if access was denied.

METHODS

allow( $env )

You can also the allow method of use this module just to check PSGI requests whether they match some rules:

my $check = Plack::Middleware::Access->new( rules => [ ... ] );

if ( $check->allow( $env ) ) {
    ...
}

SEE ALSO

If your app runs behind a reverse proxy, you should wrap it with Plack::Middleware::ReverseProxy to get the original request IP. There are several modules in the Plack::Middleware::Auth:: namespace to enable authentification for access restriction.

ACKNOWLEDGEMENTS

Jakob Voss

Jesper Dalberg

AUTHOR

Yury Zavarin <yury.zavarin@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2010 by Yury Zavarin.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.