Adding a line in the post request can bypass a the IP whitelisting.

X-Forwarded-For:'::1'

The X-Forwarded-For HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. Source: Wikipedia

https://metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/