Restrict access to Node.js-based HTTP server by IP address

Question

How can I restrict access by IP address in a Node.js HTTP server application?

I\'m looking for something like this:

Deny from all
Allow from ..


        

Answer 1

I'm not sure how bulletproof is this approach, but here it is, collected from answers around the web:

var http = require('http');
http.createServer(function (req, res)
{
    var ip = req.ip || req.connection.remoteAddress || req.socket.remoteAddress || req.connection.socket.remoteAddress;
    if (ip == '127.0.0.1') // exit if it's a particular ip
        res.end();
...

Please, someone more proficient in node - correct me

Answer 2

If you are restricting access to the entire server by network address, it is best to put those rules in your firewall. If you want to handle it at the application layer for some reason (ease of configuration, dynamic authorization, etc.) then it is best to do this immediately upon connection rather than waiting for an HTTP request.

Node.js' http.Server emits a connection event which you can use to determine the remote address and kill the connection before (or during) the actual HTTP request. This code is untested but should get you started:

var server = http.createServer(function (req, res) {
  // Your normal request handling goes here
});

server.on('connection', function (sock) {
  console.log(sock.remoteAddress);
  // Put your logic for what to do next based on that remote address here
});

server.listen(80);