Block an Attackers' IP Address with Express: does not work

djedje

At least on my machine it does not work i mean.

if i console.log(req.socket.remoteAddress) it return that: ::ffff:127.0.0.1

Actually i can find the same info with the much simpler console.log(req.ip), but maybe behind the scene it s not as efficient as the previous one, i don t know...

so to bloc the localhost ip i used this solution

app.use((req, res, next) => {
    const sp = req.ip.split(':')
    if(sp[sp.length -1] === '127.0.0.1'){
        const err = new Error('Forbidden')
    etc .............................................

That works.

davidmarkclements

This is a good point, due to ipv6 local ip address may differ per machine and machine setup. I'll address this in the next update