How in node.js to limit access on ip?

It is necessary to allow access to the site for only a few ip. But how to do it - I can not find anywhere.

Thanks in advance to all who responded!

  • one
    So what's the problem? You do not know how ip in node.js to calculate what? - Zowie
  • @AlexWindHope, my crystal ball says yes. ) - Nofate
  • My knowledge of the node is very superficial. there is practically no understanding of the logic of work. All infa torn out pieces of Western manuals. I did not find information on this issue. Let's say how to determine the ip I can find, but where to register it check, and what to do in case of coincidence / mismatch is not clear. - Vitalii Maslianok

2 answers 2

If I understood correctly, then somehow (not tested)

var http = require('http'); function createHttpServerForIps( ips, isProxy, onAllowed, onNotAllowed ) { return http.createServer(function( request, response ) { function getIp() { return isProxy ? request.headers['x-forwarded-for'] || : request.connection.remoteAddress; } function ipAllowed( ip ) { var allowed = false; for( var i=0; i<ips.length; ++i ) { if( ip === ips[i] ) { allowed = true; break; } } return allowed; } ipAllowed( getIp() ) ? onAllowed( request, response ) : onNotAllowed( request, response ); }); } var isProxy = false; createHttpServerForIps([ '', '344.344.344.344' ], isProxy, function( request, response ) { // ... allowed }, function( request, response ) { // ... not allowed } ).listen(8000); 

In the case of a match (the first callback), your logic works, in case of an error (the second callback), you can either give 403 or break the connection stupidly, you decide.

  • Thank you, very worthy answer! Now the main thing is that the getIp () function correctly renders IP. I will test a little later. Thank you - Vitalii Maslianok
  • one
    @Vitalii Maslianok - you can not test (drink a cup of coffee instead :)), everything works, regardless of whether there is a nginx proxy or not - Zowie
  • . function getIp () {return request.headers ['x-forwarded-for'] || request.connection.remoteAddress; } This is the stupidest ip access restriction I've ever seen. - Ilya Pirogov
  • one
    @AlexWindHope,> Generally, as far as I know, nginx overwrites custom headers. Can rewrite and rewrite - these are different things. Actually, nginx does only what it is told to do in the settings. If there is just there: proxy_pass ; That he will transfer request one in one without changes. Properly, when proxying, you need to set it up as a custom header, for example: proxy_set_header X-Real-IP $ remote_addr; And in nodejs to check if remoteAddress == nginxAddress , then take ip from the X-Real-IP header. - Ilya Pirogov
  • one
    "And in nodejs, check if remoteAddress == nginxAddress" what ??? I, of course, understand everything perfectly, but, for that matter, let's write questions about the book, about nginx, about custom headers, about how to configure a proxy (... about the meaning of life ...). If a person does not fumble in the nginx configuration, then he pulls the config from the network, there is a header override, and if he fumbles without us, doesn’t he? - Zowie

They got IP ( req.connection.remoteAddress ), compared it with the list, if not allowed - they dropped the client in response according to RFC status 403 Forbidden .

  • one
    @Nofate - if node.js works for nginx proxy, then remoteAddress will always be '' :) - Zowie
  • one
    hmm, I did not think. - Nofate
  • If nginx is running on the same server as node.js, then the check will be: if (request.connection.remoteAddress == '') {return request.headers ['x-real-ip']; } return request.connection.remoteAddress; If on another server, then instead of there will be the address of this server, respectively. - Ilya Pirogov
  • @Ilya Pirogov, I just did not understand - what is the address of the server better than the isProxy flag? - Zowie
  • 2
    @AlexWindHope, @Ilya Pirogov, thanks for the informative discussion. - Nofate