What's the best way to whitelist only certain IPs and allow them access to a route


#1

I have a Picker server route that I want to block access to for everyone but certain IP addresses webhooks are using. For some reason I’m having a hard time figuring out a way to do this even though I would think this is a fairly common scenario. Been looking at firewall solutions, .htaccess solutions etc but no clear example I could follow to do this.

Any suggestions on how to accomplish this?


#2

Anybody? :blush:

I kinda liked some random .htaccess approach but I don’t know if it can really handle a virtual link that’s not a “real page”. The sample had the .htaccess sit in a sub-directory of the page it was protecting and that stumped me on how I’d apply it here.


#3

What you might try is to make a meteor method to check against a whitelist you define, because inside a meteor method you have access to this.connection, which includes the ip of the connection. If it returns undefined the method is called from the server itself, otherwise it’ll contain the data you need.

So in your route you could call said method, if it returns false, don’t render the route and redirect if it returns true continue to the specified route.

Let me know if this works or not


#4

Thanks for chiming in! This is interesting, didn’t even think of it. But, this is a server side route and this third party app is executing an HTTP POST to that route. Wouldn’t this.connection always be undefined then? I just tried logging the this.connection from within the route and it’s showing undefined.


#5

I was just poking around the request a bit and I see it includes the IP address in “x-forwarded-for” under headers section.

But that can’t be a reliable source of determining where the request is coming from, if somebody wanted to, they could fake that alongside everything else right?


#6

You can access full connect handling by core webapp package

WebApp.rawConnectHandlers.use (req, res, next) ->
    handle = ->
        dispatchRoute(req, res, next)
    
    if Fiber.current
        handle()
    else
        fiber = new Fiber(handle)
        fiber.run()

#7

Thank you. That looks pretty cool but seems to be a bit over my head. Been trying for the last hour or so to figure out how to make it work but I can’t get it to do anything so far.

Where would I place the WebApp.rawConnectHandlers.use … inside the route logic? Everything I tried seems to be ignored and skipped over