I just launched rack-allow-from, white listed host controls. Add hosts, like config.allow_from += ["1.2.3.4", "8.8.8.*", "example.com", "*.example.com"] to your application.rb. One caveat, using hostnames requires the client send the header X-Remote-Hostname (see the docs). Everyone else gets 403 unauthorized access... Tests and some docs to boot.

I really like ARel, but I find its lack of documentation an unreasonably high barrier to using it... And since no one I work with was willing to read their code and tests, to figure out how to use it, I wrote a coupla things about it. For a nice cutsey scenario see this post or for a simple reference see this slideshare.