Multiple x-forwarded-for IPs

[bialesdaniel]

I'm trying to limit access to my express server and I have multiple values for the x-forwarded-for header. I want to allow access to the server if any of those values match the IPs i've designated. Is there a way to do this?

[ryanbillingsley]

@bialesdaniel you should be able to add any headers you want to use in the allowedHeaders option.

[bialesdaniel]

@ryanbillingsley Sorry I don't think I explained my problem correctly. I'm setting the allowedHeaders to x-forwarded-for but my x-forwarded-for has multiple values and it only checks the first one.

ex.: x-forwarded-for = "ipaddress1","ipaddress2","ipadress3"

[ryanbillingsley]

@bialesdaniel can you post you configuration for ipfilter as well as a request that you think should work, I am still not understanding what you are trying to accomplish, so maybe that will make it clearer.

[javier-tarazaga]

Hi guys, @bialesdaniel correct me if I am wrong but you mean something like this use case?

https://lostechies.com/derickbailey/2013/12/04/getting-the-real-client-ip-address-on-a-heroku-hosted-nodejs-app/

As stated in the post, Heroku uses some internal routing system to forward the original request. In this case, Heroku puts the client real IP as the last value of the array of Ips in the header 'x-forwarded-for'

In the lib you have the following code:

if (headerIp) {
      var splitHeaderIp = headerIp.split(',');
      ipAddress = splitHeaderIp[0];
    }

In this case you are only taking into account the first IP of the array, what if in the case of Heroku, the header contains multiple Ips?

[ryanbillingsley]

Ah ok, now I understand the problem. Thanks for the clarification @javier-tarazaga. Currently, there is no way to do that, so if someone wants to take a stab it that would be great, otherwise it might be a while before I can get to it.

[ryanbillingsley]

@bialesdaniel I added a way to write your own IP detection function in the latest version. You should be able to solve this problem using it.