Socket
Socket
Sign inDemoInstall

forwarded-for

Package Overview
Dependencies
0
Maintainers
6
Versions
8
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

forwarded-for

Abstraction for retrieving ip address information from a Node.js connection. Searches for proxy headers before degrading req.address


Version published
Maintainers
6
Weekly downloads
19,433
decreased by-12.01%

Weekly downloads

Readme

Source

forwarded-for

Version npmBuild StatusDependenciesCoverage StatusIRC channel

When you are hosting your applications behind a reverse load balancer the incoming requests will no longer have the IP address of your user but of the load balancer as it forwards the request to your node instance. Most load balancers allow you to modify the headers of the request and add original request information in it.

This module makes it easier to find the correct IP address of your connection by detecting these headers that load balancers set and it will gracefully fall down to the original req.address that contained the IP address of the request inside node.js. In addition to gracefully degrading to the original request we also for other known locations of the address (which are usually set by frameworks such as SockJS and Socket.IO etc.)

Installation

The module is released in the npm registry:

npm install --save forwarded-for

Getting started

Let's start out with including the module in to your application:

'use strict';

var forwarded = require('forwarded-for');

The forwarded variable will now contain the function which parses out the request information for you in to a really simple object. This object contains the following properties:

  • port The remote port. It defaults to 0.
  • ip The string representation of the remoteAddress. It defaults to '127.0.0.1'.

When we fail to parse or detect an IP address we will use the default values to construct the object. To correctly parse the data the function requires the following arguments:

  • obj The socket like object that probably contains the remoteAddress
  • headers A reference to the HTTP headers of the request
  • whitelist, optional A white list of IP addresses of your load balancers so people cannot make fake requests with x-forwarded-for headers.

So with all the information combined, it would look something like this:

'use strict';

var forwarded = require('forwarded-for');

require('http').createServer(function (req, res) {
  var address = forwarded(req, req.headers);

  res.end('Your ip address is '+ address.ip);
}).listen(8080);

License

MIT

Keywords

FAQs

Last updated on 19 Aug 2019

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc