Welcome to the Linux Foundation Forum!

Lab 10.1 Block IP address Express

Seems like the validate.js not working properly.

Ive tried to request using it and debug the remoteAddress of two requests:

validate.js

  1. ☑️ GET http://localhost:3000/ responded with 200 response
  2. ⛔️ GET http://localhost:3000/ must respond 403 when requested from attacker IP

debug from the service

  1. ::ffff:127.0.0.1
  2. GET / 200 12.448 ms - 170
  3. ::ffff:127.0.0.1
  4. GET / 200 7.434 ms - 170

Code:

  1. ...
  2. if (req.socket.remoteAddress.includes('111.34.55.211')) {
  3. const err = new Error('Forbidden');
  4. err.status = 403;
  5. next(err);
  6. return;
  7. }
  8. ...

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Same with lab 10.2

    1. 04:17:01 request completed 1ms
    2. 04:17:06 incoming request GET xxx /
    3. 127.0.0.1
    4. 04:17:06 request completed 2ms
    5. 04:17:06 incoming request GET xxx /
    6. 127.0.0.1

    Code:

    1. module.exports = fp(async (fastify, opts) => {
    2. fastify.addHook('onRequest', async (req) => {
    3. console.log(req.ip);
    4. if (req.ip === '211.133.33.113') {
    5. throw fastify.httpErrors.forbidden();
    6. }
    7. })
    8. })

    both are working in IP: 127.0.0.1

  • I'm unable to reproduce this.

    Make sure there are no other node processes running, especially not the service, when you run node validate.js - the validate script will start the service.

  • I think you can simply check the ip by using req.ip !== 'the ip you want to detect'

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training