Restrict access to Node.js-based HTTP server by IP address


How can I restrict access by IP address in a Node.js HTTP server application?

I'm looking for something like this:

Deny from all
Allow from ..

I need to allow access to the site for only a few IP addresses. How can I do this?

Problem courtesy of: Vitalii Maslianok


I'm not sure how bulletproof is this approach, but here it is, collected from answers around the web:

var http = require('http');
http.createServer(function (req, res)
    var ip = req.ip || req.connection.remoteAddress || req.socket.remoteAddress || req.connection.socket.remoteAddress;
    if (ip == '') // exit if it's a particular ip

Please, someone more proficient in node - correct me

Solution courtesy of: Alex


If you are restricting access to the entire server by network address, it is best to put those rules in your firewall. If you want to handle it at the application layer for some reason (ease of configuration, dynamic authorization, etc.) then it is best to do this immediately upon connection rather than waiting for an HTTP request.

Node.js' http.Server emits a connection event which you can use to determine the remote address and kill the connection before (or during) the actual HTTP request. This code is untested but should get you started:

var server = http.createServer(function (req, res) {
  // Your normal request handling goes here

server.on('connection', function (sock) {
  // Put your logic for what to do next based on that remote address here

Discussion courtesy of: Brad

This recipe can be found in it's original form on Stack Over Flow.