You can do it from the Ruby on Rails application or even better way is to do it where you define your infrastructure and configure your proxy/loadbalancer etc. to allow it.

constrains manage
  class Whitelist
    def matches?(request)
      vpn = IPAddr.new("10.1.0.0/16")
      return true if Rails.env.development? || vpn.include?(request.remote_ip)

      Rails.logger.info("Blocking access for #{request.remote_ip} to #{rifiniti_vpn}")
      false
    end
  end

  constraints Whitelist.new do
    namespace :manage do
	...protected
    end
  end