6

Is it possible to apply different ip filters to different routes?

For example, I want only people from 123.123.123.123 can access my server's /test route, and only people from 124.124.124.124 can access my server's / route.

I know that express-ipfilter can restrict site access by IP Address. But it cannot apply the filter to specific routes.

I also know that adding app.use(ipfilter(ips, {})); in the middle of the routes can apply filter only to the routes below:

var express = require('express'),
    ipfilter = require('express-ipfilter').IpFilter;

var ips = ['::ffff:127.0.0.1'];
var app = express();

app.get('/test', function(req, res) {
    res.send('test');
});

app.use(ipfilter(ips, {})); // the ipfilter only applies to the routes below

app.get('/', function(req, res) {
    res.send('Hello World');
});

app.listen(3000);

But I want different filters for different routes.

Is it possible to do this?

Brian
  • 8,472
  • 13
  • 58
  • 111

3 Answers3

5

Yeah, it's possible. You could do something like:

app.get('/test', function(req, res){
    var trustedIps = ['123.123.123.123'];
    var requestIP = req.connection.remoteAddress;
    if(trustedIps.indexOf(requestIP) >= 0) {
        // do stuff
    } else {
        // handle unallowed ip
    }
})

You may need to make sure that requestIP is correctly formatted though.

Jeremy Jackson
  • 2,177
  • 11
  • 21
  • 3
    +1 could even write up a middleware function for a clean implementation if you need to implement it on several routes. – Carman Babin Jan 12 '17 at 04:00
  • 2
    For those using Google App Engine or another server running NGINX, this answer about getting the IP address with `req.headers['x-forwarded-for']` is relevant in combination with the method above: https://stackoverflow.com/a/10849772/1024735 – kevinmicke Aug 29 '19 at 05:27
4

Warning: package express-ipfilter is now deprecated.

You can chain middlewares (and ipFilter is a middleware). There are 2 ways to do this:

var express = require('express'),
    ipfilter = require('express-ipfilter').IpFilter;

var ips = ['::ffff:127.0.0.1'];
var testers = ['1.2.3.4'];
var app = express();

app.get('/test', ipfilter(testers, {mode: 'allow'}), function(req, res) {
    res.send('test');
});


// the ipfilter only applies to the routes below  
app.get('/', ipfilter(ips, {mode: 'allow'}), function(req, res) {
    res.send('Hello World');
});

app.listen(3000);

Or qualify the use of the middleware:

var express = require('express'),
    ipfilter = require('express-ipfilter').IpFilter;

var ips = ['::ffff:127.0.0.1'];
var testers = ['1.2.3.4'];
var app = express();

app.use('/test', ipfilter(testers, {})); // the ipfilter only applies to the routes below    

app.get('/test', function(req, res) {
    res.send('test');
});

app.use('/', ipfilter(ips, {})); // the ipfilter only applies to the routes below

app.get('/', function(req, res) {
    res.send('Hello World');
});

app.listen(3000);
F0G
  • 2,434
  • 1
  • 18
  • 30
bsyk
  • 1,315
  • 9
  • 16
  • 8
    Are you sure express-ipfilter is now deprecated? express-ipfilter was last published 2 months ago, whereas express-ip-filter (with hyphen) was last published 3 years ago – Dave Goodchild Jun 21 '19 at 07:57
0

In your main file where u defined app,

app.use('/test',require('./whereever-my-route-is-located-where /test routes '));
app.use('/',require('./wherever-my-this-routes-are-located'))

in your route file .

var express = require('express'),
    router = express.Router();
//Ip verification for all requests : for whereever-my-route-is-located-where /test routes 
router.use(function(req, res, next) {
    //verify Ip Logic
});
//this will be called for every route u define in that file, if it fails.
Parth Ghiya
  • 6,401
  • 2
  • 27
  • 35