How to deny access from direct IP

[KrikriG]

Hello,

What I'm trying to do is to authorize access to the web server only from the url (i.e.: deny access from the direct server IP).

I use this command: ws --cert /etc/letsencrypt/live/xxx/fullchain.pem --key /etc/letsencrypt/live/xxx/privkey.pem -p 443 --spa index.html

The result is that I can access either by the url or the server IP. How can I restrict the access only from a specific URL ?

Thx by advance.

[75lb]

There is no default way to achieve this - even if you use the --hostname option (e.g. ws --hostname mba4.local) the server will still accept connections via IP address.

In general, if you want to control connections to a Node.js server you add your logic to the connection event. So, try this.

You'll need a custom middleware plugin.

The middleware function in this example returns undefined, so middleware is not added to the stack. However, it does modify the listening lws.server, adding a connection handler. Put your logic there, destroying any connections that do not meet your criteria.

class IpKiller {
  middleware (config, lws) {
    lws.server.on('connection', socket => {
      // destroy the socket if it doesn't meet your criteria
    })
  }
}

module.exports = IpKiller

Let me know how it goes.

[KrikriG]

Ok thx for the rapid answer. I'm not sure that i really understand everything but I'll try to make a middleware asap

Do I have to use it with --stack option ?

[75lb]

Do I have to use it with --stack option ?

yes.. it's all documented in the Wiki link i sent you

[75lb]

Is this issue resolved?

[75lb]

Closed as stale.