Welcome to the Linux Foundation Forum!

Lab 10.1 Block IP address Express

Seems like the validate.js not working properly.

Ive tried to request using it and debug the remoteAddress of two requests:

validate.js

☑️  GET http://localhost:3000/ responded with 200 response
⛔️ GET http://localhost:3000/ must respond 403 when requested from attacker IP

debug from the service

::ffff:127.0.0.1
GET / 200 12.448 ms - 170
::ffff:127.0.0.1
GET / 200 7.434 ms - 170

Code:

...
if (req.socket.remoteAddress.includes('111.34.55.211')) {
    const err = new Error('Forbidden');
    err.status = 403;
    next(err);
    return;
  }
...

Comments

  • Same with lab 10.2

    04:17:01 ✨ request completed 1ms
    04:17:06 ✨ incoming request GET xxx /
    127.0.0.1
    04:17:06 ✨ request completed 2ms
    04:17:06 ✨ incoming request GET xxx /
    127.0.0.1
    

    Code:

    module.exports = fp(async (fastify, opts) => {
        fastify.addHook('onRequest', async (req) => {
            console.log(req.ip);
            if (req.ip === '211.133.33.113') {
                throw fastify.httpErrors.forbidden();
            }
        })
    })
    

    both are working in IP: 127.0.0.1

  • I'm unable to reproduce this.

    Make sure there are no other node processes running, especially not the service, when you run node validate.js - the validate script will start the service.

  • I think you can simply check the ip by using req.ip !== 'the ip you want to detect'

Categories

Upcoming Training