Best practice for allowing access from certain IPs

I've got an app that I'm going to lock down access to at the webserver
level in IIS but I haven't really worked with interceptors and
security in ColdBox yet, so I wanted to also see about doing a double
check at the application level. I was wondering what the best way
would be to enforce certain criteria (in this case remote ip address)
to access events. I'm presuming it would be some sort of pre-handler
interceptor but I was hoping there was a best practices guide out
there with solid examples.


You're on the right track, go for an interceptor.

If you want user/password security, take a look at the security interceptor.

If you want both, then extend the security interceptor with IP address rejection.


I'll actually be doing it only based on IP for now, it is basically a
backend to a system written in .NET and we are doing data exchange
over JSON, so I just want to make sure that all of the calls to my
system are only being called by the people that ought to be calling

I'll take a look at the security interceptor though, thanks.


If all your calls come from the same domain, you should do a domain check only.
So skip the security interceptor.
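
The pre-handler interceptor approach suggested in this thread, as an added example that is not part of the original posts and not ColdBox's own code. The component name and path, the `allowedIPs` property, the log file name and the sample addresses are assumptions, and it presumes a CFML engine that supports script components.

```cfml
// interceptors/IPAllowList.cfc (hypothetical name and path)
// Assumed registration in the ColdBox config:
//   { class="interceptors.IPAllowList", properties={ allowedIPs="192.0.2.10,198.51.100.0/24" } }
component extends="coldbox.system.Interceptor" {

    function configure() {
        // allowedIPs is an assumed property name: exact addresses or IPv4 CIDR ranges.
        variables.allowed = listToArray( getProperty( "allowedIPs" ) );
    }

    // preProcess fires before the requested event's handler runs.
    function preProcess( event, interceptData ) {
        // Direct peer address. Behind a reverse proxy this is the proxy's address;
        // a client-supplied header such as X-Forwarded-For is not a safe substitute.
        var remote = cgi.remote_addr;
        for ( var rule in variables.allowed ) {
            if ( ipMatches( remote, trim( rule ) ) ) return;
        }
        // Fail closed: log, answer 403 as JSON, and skip the handler.
        writeLog( text="Denied request from #remote#", type="warning", file="ipallowlist" );
        event.renderData( type="json", data={ error="forbidden" }, statusCode=403 );
        event.noExecution();
    }

    private boolean function ipMatches( required string ip, required string rule ) {
        // compare() is a strict string comparison; == would apply CFML's loose typing.
        if ( !find( "/", rule ) ) return compare( ip, rule ) == 0;
        var bits = listLast( rule, "/" );
        var net  = ipv4ToNumber( listFirst( rule, "/" ) );
        var addr = ipv4ToNumber( ip );
        // A malformed rule or a non-IPv4 address never matches a CIDR range.
        if ( !isValid( "integer", bits ) || bits < 0 || bits > 32 || net < 0 || addr < 0 ) return false;
        // Equal network prefix <=> equal quotient when divided by the block size.
        var block = 2 ^ ( 32 - bits );
        return int( addr / block ) == int( net / block );
    }

    // Dotted-quad IPv4 to a number; -1 for anything else (IPv6, malformed input).
    private numeric function ipv4ToNumber( required string ip ) {
        var parts = listToArray( ip, "." );
        if ( arrayLen( parts ) != 4 ) return -1;
        var n = 0;
        for ( var p in parts ) {
            if ( !isValid( "integer", p ) || p < 0 || p > 255 ) return -1;
            n = n * 256 + p;
        }
        return n;
    }
}
```

An empty or missing allow-list denies every request, so the check fails closed if the property is misconfigured.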