Restrict access to Node.js-based HTTP server by IP address

Problem

How can I restrict access by IP address in a Node.js HTTP server application?

I'm looking for something like this:

Deny from all
Allow from ..

I need to allow access to the site for only a few IP addresses. How can I do this?

Problem courtesy of: Vitalii Maslianok

Solution

I'm not sure how bulletproof is this approach, but here it is, collected from answers around the web:

var http = require('http');
http.createServer(function (req, res)
{
    var ip = req.ip || req.connection.remoteAddress || req.socket.remoteAddress || req.connection.socket.remoteAddress;
    if (ip == '127.0.0.1') // exit if it's a particular ip
        res.end();
...

Please, someone more proficient in node - correct me

Solution courtesy of: Alex

Discussion

If you are restricting access to the entire server by network address, it is best to put those rules in your firewall. If you want to handle it at the application layer for some reason (ease of configuration, dynamic authorization, etc.) then it is best to do this immediately upon connection rather than waiting for an HTTP request.

Node.js' http.Server emits a connection event which you can use to determine the remote address and kill the connection before (or during) the actual HTTP request. This code is untested but should get you started:

var server = http.createServer(function (req, res) {
  // Your normal request handling goes here
});

server.on('connection', function (sock) {
  console.log(sock.remoteAddress);
  // Put your logic for what to do next based on that remote address here
});

server.listen(80);
Discussion courtesy of: Brad

This recipe can be found in it's original form on Stack Over Flow.