3

Im using a very basic script of a server with node.js and Net module... Im receiving suspicious connection from IP. I can add all ips that I dont want connected... Its automatic: When the user dont auth, I push his IP into an array and close the socket. If he reconnect Im verifying if his IP is in the array, if true, I close socket again. How to verify this black-list-array before that IP connects to the server? What is the way?

Filipe Tagliacozzi
  • 1,431
  • 2
  • 20
  • 28
  • 1
    be aware that there will always be a lot of drive-bys from port and range scanners, mostly looking for mysql and php vulnerabilities that node.js is basically immune to. In short, don't be surprised or overly-alarmed when you see Romanian anti-sec pings, no big whoop. – dandavis Jun 18 '13 at 21:13
  • Tnx bout your comment you calm me down. Exacly that.. Im receiving connection from south arabi and its sending this content: H�������}��ï¿+)�]�����ï¿+H`... – Filipe Tagliacozzi Jun 18 '13 at 21:19
  • @FilipeTagliacozzi Perhaps the most reliable solution would be to put your NodeJS server behind a well written proxy which you can setup to block any IP you want (nginx or something). – freakish Jun 18 '13 at 22:04

1 Answers1

11

The ideal solution would be to block the IP before it gets to Node.js. Or at least have Linux block it - see this for an example.

But to answer your specific question, you can do something like this:

var http = require('http');

http.createServer(function (req, res) {

    var request_ip = req.ip 
            || req.connection.remoteAddress 
            || req.socket.remoteAddress 
            || req.connection.socket.remoteAddress;

    if (request_ip == '86.75.30.9') // put the IP address here
    {
        // make them wait a bit for a response (optional)
        setTimeout(function() {
            res.end();
        }, 5000);

    }

}).listen(80, '127.0.0.1');
ruffrey
  • 6,018
  • 3
  • 23
  • 19
  • Out of curiosity, why is it much preferable to block IPs at a lower level than node? – Gershom Maes Jan 09 '19 at 15:57
  • 3
    The OS/kernel can drop packets orders of magnitude more efficiently than Node. Networking happens in the kernel, so it is going to pass through to get to Node. The kernel can block sooner in the connection than Node can, also. – ruffrey Jan 10 '19 at 18:13