2

I am using following code to implement reverse proxy at node.js . It is working fine but problem is that when I am trying to access server 127.0.0.1:9008/" it is quite accessible. I want it to be accessible only through proxy server. Please help..

var http = require('http'),
httpProxy = require('http-proxy');

//
// Create a proxy server with latency
//
var proxy = httpProxy.createProxyServer();

//
// Create your server that make an operation that take a while
// and then proxy de request
//
http.createServer(function (req, res) {
// This simulate an operation that take 500ms in execute
setTimeout(function () {
 proxy.web(req, res, {
  target: 'http://127.0.0.1:9008'
});
 }, 500);
}).listen(8008);

//
// Create your target server
//
 http.createServer(function (req, res) {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.write('request successfully proxied to: ' + req.url + '\n' + JSON.stringify (req.headers,      true, 2));
 res.end();
 }).listen(9008);
user3273675
  • 39
  • 7

1 Answers1

2

}).listen(9008, "127.0.0.1");

That will have your target server listen on the loopback IP address, which is not reachable from other machines. This is standard practice for services behind a proxy.

When you bind to 127.0.0.1 by changing your last line to what I have above, you are achieving your goal. It is not possible to restrict beyond this. You will always be able to connect to your target server on its port but ONLY WHEN CONNECTING FROM THE SAME MACHINE. This is what loopback means. If you tried to restrict further, even the proxy itself wouldn't be able to connect, which is necessary for the system to function at all.

If you are going to write web servers and proxies, read some basic networking tutorials and learn about non-routable loopback IP addresses. Then this will make more sense, but no since you commented I have no intention of explaining why this works beyond the paragraph above.

Peter Lyons
  • 142,938
  • 30
  • 279
  • 274