I want the /admin route on my rails app to be protected by using

Question

0

Editorial Team

Asked: May 14, 20262026-05-14T19:43:34+00:00 2026-05-14T19:43:34+00:00

I want the /admin route on my rails app to be protected by using

0

I want the /admin route on my rails app to be protected by using .htaccess password files – is this possible?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T19:43:34+00:00

Rails has a built-in helper for this, you could place this in your application controller:

protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "test"
    end
  end

Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):

before_filter :authenticate

This method works on Nginx as well as Apache, which is an added bonus. It doesn’t, however, work if you have full page caching enabled – as the visitor never hits the Rails stack; it won’t kick in.

Edit
Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:

/app/controllers/admin/admin_controller.rb

class Admin::AdminController < ApplicationController
  before_filter :authenticate
  protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "test"
    end
  end
end

Then have all your controllers extend the admin controller, eg:

class Admin::ThingsController < Admin::AdminController

My routes are setup like so:

map.namespace :admin do |admin|
    admin.resources :things
end

Hope that helps.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want the /admin route on my rails app to be protected by using

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply