casualprogrammer
Reputation: 363
How to only allow access to API from certain ip address
I currently have a node js server deployed to heroku. I want to restrict non-authorized domains from interacting with the API's. I know I can do this on the server side by either requiring authentication or by requiring specific request host. But is there a way to configure that on heroku? To only allow a specific server owned by me to call the node serer.
Upvotes: 0
Views: 983
Answers (1)
qubyte
Reputation: 17748
Heroku most likey adds an x-forwarded-for header to requests it is sending to your application. You'll want to get the first address in that list:
const ip = (req.headers['x-forwarded-for'] || '').split(',')[0];
Where req is a request object. This glitch demonstrates it in action.
Using this address, you can respond to traffic depending on its IP from your node server.
Upvotes: 1
Related Questions
- Restrict access to Heroku app by IP?
- Restrict ipv6 access
- Prevent access through ip address
- API key does not allow access from IP (Heroku)
- How can I build rest API with nodejs and limit user access with whitelisted ip or domain?
- Restrict access to Node.js-based HTTP server by IP address
- Can I only accept traffic from certain requesting domains with Expressjs?
- nodejs - Allow request only if coming from the server ip
- Block IP's In a rails app on heroku
- Using IP restricting API's on Heroku