IP ban using Express

idodev · July 6, 2020, 12:06am

Hey, I would like to know how to ip ban someone and know who I banned

so I tried the code below to get the visitors ip:
const express = require("express");
const app = express();
app.get("/", (req, res) => {
const IP = req.headers["x-forwarded-for"].split(",")[0];
console.log(IP); // logs the ip in server console
res.send(IP); //sends the IP back to the client
});

app.listen(3000);

once I get the ip of the user how do I know who’s is it?

and even if I get the ip adress how do I IP ban Without PHP

RiversideRocks · July 6, 2020, 12:17am

If you want to “find out” who the user is, you can always block the unwanted IP after collecting it from something such as a form. As for an IP in express, you might want to look to other users as node.js isn’t my expertise.

EddiesTech · July 6, 2020, 12:20am

var array = [ip, ip]
app.get('/', (req, res) => {
//that other code
array.forEach(function(item, index){
if(IP == item) return res.redirect('/blocked') 
})
})

That should work - not tested. Send any errors and will fix tomorrow

javaarchive · July 6, 2020, 3:32am

A better title would be “IP Ban with express” instead of “IP Ban without PHP” because it makes it sound like you think PHP is the official solution for IP bans.

khalby786 · July 6, 2020, 5:08am

@javaarchive you’re a Regular, you can change it.

khalby786 · July 6, 2020, 5:28am

@EddiesTech just making your code better

var banned = [ip, ip];
// the list of IPs you wanna ban

app.get("/", (req, res) => {
   banned.forEach(ip => {
     if (IP === ip) {
         res.sendStatus(401).send("You have been IP banned!");
         // 401 status code means unauthorised 
     } else {
        // they are not banned
        // send index.html file
     } 
  });
});

Redirects aren’t wise when you are doing stuff such as IP banning as they can cause problems (for example sending a GET requests from a banned IP with no redirects).

Anish · July 6, 2020, 5:43am

There’s no way to actually figure out who is behind the IP so there goes that idea.
Next, VPN’s are a thing, this isn’t gonna work very well if I’m gonna be honest.

khalby786 · July 6, 2020, 6:20am

What do you mean by that? The request parameter offers a lot of data including the host origin domain (or URL) from where the request was made which can be used and the IP can be obtained with

const IP = req.headers["x-forwarded-for"].split(",")[0];

EddiesTech · July 6, 2020, 8:37am

What @Anish means is that you can’t find out who owns a specific IP which was what @idodev asked

SebPautot · July 6, 2020, 10:44am

Unless someone connects to an account using that IP

RiversideRocks · July 6, 2020, 12:29pm

Or contacts the staff with that IP.

youngchief · July 6, 2020, 4:15pm

Then the issue would be that the IP is probably a Dynamic IP from their ISP. It usually isn’t a static IP they connect from. Next their is VPNs & Proxies to handle as @Anish mentioned. Although in the works is something that will make your IP static/dynamic at will. (useful for lots of things)

youngchief · July 6, 2020, 4:44pm

You also have to deal with IPv6 stuff. Just letting you know. I think I may know how to handle the stuff I mentioned in this post and above post of mine

khalby786 · July 7, 2020, 5:00am

Ooh, IPv6 drives me crazy.

youngchief · July 7, 2020, 5:01am

IPv6 is very cool, very.

youngchief · July 7, 2020, 5:03am

@idodev You may need to check a file (you create) to see if the user’s IP matches any IP in TXT file.

RiversideRocks · July 7, 2020, 7:43pm

IPv4:
123.45.67

IPv6:
eiufhew:389rfh2bfgh1ewufrasd:pfasldflsadfasdf324sfigoaufyges:ofugaowuefuigwe

ihack2712 · July 7, 2020, 7:53pm

That is not a valid IPv4 address

That is not a valid IPv6 address

youngchief · July 7, 2020, 7:56pm

Lol, It isn’t. It definitely isn’t at all.

RiversideRocks · July 7, 2020, 8:40pm

Really? Thats my IPv6 address!