How would I block a specific IP from accessing node.js - node.js

I would like to block a specific IP address from accessing my website written in NodeJS, using embedded JS.
Here is my file tree (the important part is chat.ejs and server.js, ignore the other files)
How would I use ejs to block certain IPs from accessing the site? Or even just sending them to another "blocked" page if they visit from a blocked IP, not allowing them to access the main site. It's a small project and only a few people use the site at the moment so I'm not concerned about dynamic IPs or people being blocked with the same IP.
Thanks!
Colin

As mentioned, this is more of a 'server' question and can be done in many ways by incorporating an ACL (access control list).
Depending on where you are hosting (AWS has security groups where you can add CIDR blocks for IP ranges etc.) or even on the running web server (Apache, NGINX).
This can also be done in 'code' if you so wish by adding middleware OR conditions in the get request itself. The basic idea is to obtain the client IP via the request object, so for example:
Let's say you have a 'predefined' array of 'allowed' IPs:
const ips = ['123.23.232.23', '123.23.232.23']
let reqIP = req.socket.remoteAddress // Gets the IP of the requester
// Look the request IP up in the list (not the list in the IP string)
if (ips.indexOf(reqIP) !== -1) {
  // continue to process the request and return results
} else {
  // IP not in the list, redirect them to a new page
}
This is not tested code, but the concept should work in allowing you to 'block' specific requests by IP; however, this only works if you know for sure the 'IP' is not dynamic, etc.
With that said, this is generally better to do on the web server; otherwise you're putting unneeded processes on the node server that could have been blocked at the WS layer OR (in the AWS case) before it even hits the web server.
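A blocklist version of the in-code check, as an added example that is not part of the original answer: it matches single addresses and IPv4 CIDR ranges and strips the `::ffff:` prefix Node puts on IPv4 peers of a dual-stack socket, which a plain string comparison misses. The `BLOCKED` entries and the function names are assumptions made for the illustration.

```javascript
// Added example (not from the original answer). Blocklist entries are
// constructed values taken from the RFC 5737 documentation ranges.
const BLOCKED = ['203.0.113.7', '198.51.100.0/24'];

// Node reports IPv4 clients on a dual-stack socket as "::ffff:a.b.c.d";
// strip that prefix so the comparison sees the plain IPv4 address.
function normalizeIp(addr) {
  const ip = String(addr || '').trim().toLowerCase();
  return ip.startsWith('::ffff:') && ip.includes('.') ? ip.slice(7) : ip;
}

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if not valid IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when the address equals an entry or falls inside a CIDR entry.
function isBlocked(addr, list = BLOCKED) {
  const ip = normalizeIp(addr);
  const ipInt = ipv4ToInt(ip);
  return list.some((entry) => {
    const [base, prefix] = entry.split('/');
    if (prefix === undefined) return normalizeIp(base) === ip;
    const baseInt = ipv4ToInt(base);
    if (ipInt === null || baseInt === null) return false;
    if (!/^\d{1,2}$/.test(prefix) || Number(prefix) > 32) return false;
    const size = 2 ** (32 - Number(prefix)); // addresses covered by the range
    return Math.floor(ipInt / size) === Math.floor(baseInt / size);
  });
}

// Connect/Express-style middleware: refuse blocked peers, pass the rest on.
function blockByIp(req, res, next) {
  if (isBlocked(req.socket.remoteAddress)) {
    res.statusCode = 403;
    res.end('Blocked');
    return;
  }
  next();
}
```

Behind a reverse proxy or load balancer, `req.socket.remoteAddress` is the proxy's address, so the check either belongs at the proxy or has to use a forwarded address accepted only from that trusted proxy.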

Related

Block anything using an IP instead of a domain

Getting a lot of traffic [likely bots] that are hitting my site via an IP address instead of a domain.
For example, a user would access my site at https://www.example.com/login but I'm getting traffic using the IP instead: https://123.45.678.910/login
I would like to block access to anything using the IP instead of the domain. Can this be done via the .htaccess file?
I can do it via PHP, but by then, it's already wasting resources. Is there another / common / best-practice way to handle this?
When googling for the solution, I get a LOT of information about how to block or allow specific IP address(es) or range of IPs, but that's not what I'm looking for.

How to allow specific URL for specific IP address?

I would like to ask, can anyone here advise on how to have a specific web address enabled to display only at a specific IP address that I choose?
I've only got HTML basics, and nowhere have I found a way to get this or are there any storage sites that support this?
I want it for storing a script I don't want to have publicly and I need it fixed to an IP address.
javascript:$.getScript('secret url');void(0);
Thank you
You will need to blacklist all other IPs and whitelist the IPs you want it to have access to.
Shared hostings will have their own GUI for doing this, but if you're hosting your app using a VPS (Virtual Private Server), the most common approaches are:
Option #1: Through Web Server (Nginx, Apache, etc...)
Nginx
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/#restricting-access-by-ip-address
Apache
https://httpd.apache.org/docs/2.4/howto/access.html
Option #2: Through Backend Server (PHP, Ruby, etc...)
PHP IP Address Whitelist with Wildcards
Note: You will need to have your HTML page rendered using one of these approaches to make it work.
The flow would look like this:
User visits the page -> Web Server Checks If the IP is allowed -> Backend Server Checks if the IP is allowed (optional) -> Serve the HTML.

How do I redirect traffic from a domain on other servers to content on mine?

Here's the basic situation:
I have an application on AWS which needs to serve assets to and create 'share' links for content hosted on my AWS servers. I need to figure out a way to still use the URL/domain from another client's infrastructure, so it will essentially whitelabel our application as coming from their services. I was thinking of using Route53 and a CNAME, but things like the dynamic 'share' URLs will create a huge problem for redirects. Does anybody have any ideas on how this could be accomplished?
I think that you will have to set up your server at the "whitelabeling" location to have a web server that can call the other URLs and return their content. I.e., you create a server that responds at whitelabel.com, which then calls myAWS.com and passes the result back to whoever called whitelabel.com. You could make this flexible by allowing whatever the end destination URL needs to be to be passed in as a parameter (so, if you call whitelabel.com/foo, it will call myAWS.com/foo), though this has some security ramifications, and also requires a lot of knowledge by the consumer of exactly where things will reside.

One domain (www.example.com) different paths (/ vs. /server2) go to different servers?

I'm wondering if it's possible to host an application on one server (S1) with the root directory of a domain (example.com/) as its approot, but have a TOTALLY DIFFERENT application on another server (S2) with its approot pointing to a specific path of the same domain (example.com/server2).
I'm not talking about subdomains; I'm not talking about load-balancing one application. I'm talking about example.com/* pages on S1, and example.com/server2/* pages on S2. Anyone have any ideas? Thanks!
I'm not familiar with the term "approot", but suspect it is the name of some configuration at the webserver end. It's better to think about these kinds of questions from the other end: how will a message get from the browser to the right server. The user gives the browser a URL; the hostname in the URL is looked up in DNS to find an IP address; an HTTP request is sent to that IP address, with the requested path in it.
So ultimately, you have to have some server (or set of interchangeable servers) serving the whole of example.com, because that's the only part that will be looked up in DNS.
That server could, however, be a proxy, which looks at each request it receives, and passes it on to another server based on some configured rules.

Preferred way to direct user's domain names to my web app?

Background context: ASP.NET / IIS (not sure if it matters)
I have a web app at example.com, and a user of my app gets his own content page at an address like example.com/abc-trinkets. I would like to offer the user the ability to point his own registered domain at my web app so his content is accessed at abctrinkets.com. Initially looking on the order of 10-100 users with custom domains.
Ideally, I would like my user to just have a single hostname or IP address that he needs to know to configure properly with his registrar, and if I change the setup of my servers (different host, change addresses, load balancing, etc.) the user will not have to change his settings.
I have no trouble handling the requests once they hit my web app, but I am looking for input on the best way to set the routing up so requests actually come to my app/server. I would like a "catch-all" type of behavior that does not require me to individually configure anything for each domain a user might point to me.
I assume I will need some kind of layer between the address I give my user and my actual server ... is this like a managed DNS service or some other type of nameserver thing I would set up with my host? Is this something simple that should already be handled by a few simple settings on my webserver? I worry that I am making this more complicated than it needs to be.
Write a script that examines the Host header in the request. In your example, if it's abctrinkets.com, then you'd either redirect or forward the request to /abc-trinkets. You'd still need a database or something for mapping the domain names to the URLs; if you're going to allow arbitrary domain names for each user account, then there's no possible way to avoid that.
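The Host-header lookup described in this answer, as an added example that is not part of the original answer: the header is client-supplied, so it is normalized, matched exactly against the table, and rejected when it is an IP literal or an unknown name. `TENANT_PATHS` is a constructed stand-in for the database the answer mentions, and the function names and status choices are assumptions.

```javascript
// Added example (not from the original answer). The domain-to-path table is
// a constructed stand-in for the database lookup the answer mentions.
const TENANT_PATHS = new Map([
  ['abctrinkets.com', '/abc-trinkets'],
  ['www.abctrinkets.com', '/abc-trinkets'],
]);
const APP_HOST = 'example.com';

// Reduce a raw Host header to a bare lowercase hostname, or null when it is
// missing, malformed, or an IP literal rather than a domain name.
function hostnameFromHeader(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  let host = hostHeader.trim().toLowerCase();
  if (host.startsWith('[')) return null;                    // IPv6 literal
  host = host.replace(/:\d{1,5}$/, '').replace(/\.$/, '');  // port, trailing dot
  if (!/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/.test(host)) return null;
  if (/^\d+(\.\d+){3}$/.test(host)) return null;            // IPv4 literal
  return host;
}

// Decide what to do with a request: serve the app itself, rewrite to a
// tenant's page, or reject because the Host is not one this app serves.
function routeByHost(hostHeader, path) {
  const host = hostnameFromHeader(hostHeader);
  if (host === null) return { status: 400 };
  if (host === APP_HOST) return { status: 200, path };
  const prefix = TENANT_PATHS.get(host); // exact match only, no suffix matching
  if (prefix === undefined) return { status: 404 };
  return { status: 200, path: prefix + (path === '/' ? '' : path) };
}
```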
