IP ban using Express

Hey, I would like to know how to ip ban someone and know who I banned

so I tried the code below to get the visitors ip:
const express = require("express");
const app = express();
app.get("/", (req, res) => {
const IP = req.headers["x-forwarded-for"].split(",")[0];
console.log(IP); // logs the ip in server console
res.send(IP); //sends the IP back to the client


once I get the ip of the user how do I know who’s is it?

and even if I get the ip adress how do I IP ban Without PHP

If you want to “find out” who the user is, you can always block the unwanted IP after collecting it from something such as a form. As for an IP in express, you might want to look to other users as node.js isn’t my expertise. :slight_smile:

var array = [ip, ip]
app.get('/', (req, res) => {
//that other code
array.forEach(function(item, index){
if(IP == item) return res.redirect('/blocked') 

That should work - not tested. Send any errors and will fix tomorrow

1 Like

A better title would be “IP Ban with express” instead of “IP Ban without PHP” because it makes it sound like you think PHP is the official solution for IP bans.

1 Like

@javaarchive you’re a Regular, you can change it. :stuck_out_tongue:

@EddiesTech just making your code better

var banned = [ip, ip];
// the list of IPs you wanna ban

app.get("/", (req, res) => {
   banned.forEach(ip => {
     if (IP === ip) {
         res.sendStatus(401).send("You have been IP banned!");
         // 401 status code means unauthorised 
     } else {
        // they are not banned
        // send index.html file

Redirects aren’t wise when you are doing stuff such as IP banning as they can cause problems (for example sending a GET requests from a banned IP with no redirects).

1 Like

There’s no way to actually figure out who is behind the IP so there goes that idea.
Next, VPN’s are a thing, this isn’t gonna work very well if I’m gonna be honest.

1 Like

What do you mean by that? The request parameter offers a lot of data including the host origin domain (or URL) from where the request was made which can be used and the IP can be obtained with

const IP = req.headers["x-forwarded-for"].split(",")[0];
1 Like

What @Anish means is that you can’t find out who owns a specific IP which was what @idodev asked


Unless someone connects to an account using that IP


Or contacts the staff with that IP.

Then the issue would be that the IP is probably a Dynamic IP from their ISP. It usually isn’t a static IP they connect from. Next their is VPNs & Proxies to handle as @Anish mentioned. Although in the works is something that will make your IP static/dynamic at will. (useful for lots of things)


You also have to deal with IPv6 stuff. Just letting you know. I think I may know how to handle the stuff I mentioned in this post and above post of mine

Ooh, IPv6 drives me crazy.


IPv6 is very cool, very.

1 Like

@idodev You may need to check a file (you create) to see if the user’s IP matches any IP in TXT file.



That is not a valid IPv4 address :joy:

That is not a valid IPv6 address :joy:

1 Like

Lol, It isn’t. It definitely isn’t at all. :rofl:

Really? Thats my IPv6 address!