From a security standpoint, what’s the best way to block an IP from using my Meteor app?
If you want to block access to the entire application (so covering the initial access/download of all client files, and access to the server), one of the easiest approaches is to proxy all requests to your app through a web server or proxy (I’m assuming you’re handling hosting yourself). So put something like nginx in front of your node instance, then configure it to block specific IPs. There are a lot of examples floating around showing how to use nginx with Meteor (DigitalOcean has a popular one here, but I really like this one as it also covers scaling).
1 Like
what about something like:
WebApp.rawConnectHandlers.use((req, res, next) => {
const ip = req.connection.remoteAddress || req.headers['x-forwarded-for'];
if (ip === ...) { ... }
else { next(); }
});
I don’t know much about that API but it’s what kadira is using for Picker: https://github.com/meteorhacks/picker/blob/master/lib/instance.js
1 Like