Securing Your Ruby on Rails Development Website
July 22, 2007 – 11:17 pmAt ThemBid.com, they allow developers 30% of their time to work on side projects similar to Google. For me, I use that time playing with the Digg.com’s API using Ruby on Rails.
One of the tools I developed has become very useful to me on a daily basis, so now I use it remotely via Linrails. I don’t want this pre-alpha site indexed by search engines or available to the public, so following are resources that describe some precautions that you may also find useful.
Don’t Allow Robots to Index Your Site
Use this resource to make sure no robots index your site if it is to be private.
Using HTTP Auth with Mongrel
Linrails uses Mongrel as the webserver, so you will need this to employ HTTP Authentication.
For Finer Grained Authentication Control
If you don’t care that parts of your application is available to the public or you just want to secure select pages.
Secure Your Directory (If Using Apache)
This .htaccess tutorial will help you to make the directory of your website off limits to all but you.
Remember that by default you will access your application through port 3000 like so: http://yourdomain.com:3000 and you should adjust your firewall and the forwarding on your router.