if the user goes and directly writes in the address bar myappurl/action/adcontent/TheContent that is valid and the rails app processes it.
How i can avoid this? i mean, remome access to certain actions of the rails app completely.
Put a line
in your controller.
Then put any controller methods that you don't want to be available via user entered URL's beneath that line. Anything below the 'protected' line can only be invoked from other methods in your app.