Introduction:

When building web applications, it’s often necessary to control access based on IP addresses. Express.js, a popular Node.js framework, provides easy-to-use middleware for implementing IP address filtering. In this guide, we’ll explore how to blocklist and whitelist IP addresses in Express.js to enhance the security and accessibility of your application.

Blocklisting IP Addresses:

Blocklisting involves denying access to specific IP addresses or ranges. This can be useful for blocking malicious users, preventing spam, or restricting access to certain resources. In Express.js, you can achieve this using middleware.

// Define blocklist middleware
const blocklist = ['192.168.1.1', '10.0.0.0/8']; // Example IP addresses and ranges to block

const blocklistMiddleware = (req, res, next) => {
const userIP = req.ip; // Get user's IP address

// Check if user's IP is in the blocklist
if (blocklist.includes(userIP)) {
return res.status(403).send('Access forbidden');
}

// Proceed to next middleware if IP is not blocklisted
next();
};

// Apply blocklist middleware to routes
app.use(blocklistMiddleware);

In this example, we define a blocklist array containing IP addresses and ranges we want to block. The blocklistMiddleware function checks if the user’s IP address is in the blocklist and denies access with a 403 Forbidden response if it is.

Whitelisting IP Addresses:

Whitelisting, on the other hand, involves allowing access only to specified IP addresses or ranges. This can be useful for limiting access to sensitive areas of your application or granting special permissions to trusted users.

// Define whitelist middleware
const whitelist = ['192.168.1.100', '10.0.0.1']; // Example IP addresses to whitelist

const whitelistMiddleware = (req, res, next) => {
const userIP = req.ip; // Get user's IP address

// Check if user's IP is in the whitelist
if (!whitelist.includes(userIP)) {
return res.status(403).send('Access forbidden');
}

// Proceed to next middleware if IP is whitelisted
next();
};

// Apply whitelist middleware to routes
app.use(whitelistMiddleware);

In this example, we define a whitelist array containing IP addresses we want to whitelist. The whitelistMiddleware function checks if the user’s IP address is in the whitelist and denies access with a 403 Forbidden response if it is not.

Conclusion:

By implementing blocklisting and whitelisting of IP addresses in Express.js using middleware, you can enhance the security and control access to your web application. Whether you need to block malicious users or grant special permissions to trusted IPs, Express.js provides a flexible and efficient way to manage IP address filtering.