IP Whitelisting


For a web service node, is it possible to limit inbound requests to specific IP addresses? I tried adding code to reject requests based on the incoming IP address (e.g. “if (req.IP != ‘’) return false;”), but it seems to be using some sort of internal address (“10.207.xx.xx”) per request. I’m assuming this is a load balancer doing its job.

I’m open to other ideas. The end goal is to limit the app’s usage to a specific network.


Hi Brian,

Since the requests are proxied, I don’t think you would be able to key off of the request IP. Can you instead try using the X-Forwarded-For request header?


Thanks Jade!

This worked out pretty well. Your suggestion led me to some ExpressJS documentation about using that header. Ultimately all I had to do was add one line of code, which told ExpressJS to read the IP from that header instead.

app.set('trust proxy', true);

Here’s the documentation page for anyone else running into this scenario:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.