Block an IP Address

From a security standpoint, what’s the best way to block an IP from using my Meteor app?

If you want to block access to the entire application (so covering the initial access/download of all client files, and access to the server), one of the easiest approaches is to proxy all requests to your app through a web server or proxy (I’m assuming you’re handling hosting yourself). So put something like nginx in front of your node instance, then configure it to block specific IPs. There are a lot of examples floating around showing how to use nginx with Meteor (DigitalOcean has a popular one here, but I really like this one as it also covers scaling).

1 Like

@hwillson any suggestions for an app hosted on Galaxy?

1 Like

what about something like:

WebApp.rawConnectHandlers.use((req, res, next) => {
  const ip = req.connection.remoteAddress || req.headers['x-forwarded-for'];
  if (ip === ...) { ... }
  else { next(); }
});

I don’t know much about that API but it’s what kadira is using for Picker: https://github.com/meteorhacks/picker/blob/master/lib/instance.js

1 Like