Package detail

proxy-addr

jshttp153.2mMIT2.0.7

Determine address of proxied request

ip, proxy, x-forwarded-for

readme

proxy-addr

NPM Version NPM Downloads Node.js Version Build Status Test Coverage

Determine address of proxied request

Install

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install proxy-addr

API

var proxyaddr = require('proxy-addr')

proxyaddr(req, trust)

Return the address of the request, using the given trust parameter.

The trust argument is a function that returns true if you trust the address, false if you don't. The closest untrusted address is returned.

proxyaddr(req, function (addr) { return addr === '127.0.0.1' })
proxyaddr(req, function (addr, i) { return i < 1 })

The trust arugment may also be a single IP address string or an array of trusted addresses, as plain IP addresses, CIDR-formatted strings, or IP/netmask strings.

proxyaddr(req, '127.0.0.1')
proxyaddr(req, ['127.0.0.0/8', '10.0.0.0/8'])
proxyaddr(req, ['127.0.0.0/255.0.0.0', '192.168.0.0/255.255.0.0'])

This module also supports IPv6. Your IPv6 addresses will be normalized automatically (i.e. fe80::00ed:1 equals fe80:0:0:0:0:0:ed:1).

proxyaddr(req, '::1')
proxyaddr(req, ['::1/128', 'fe80::/10'])

This module will automatically work with IPv4-mapped IPv6 addresses as well to support node.js in IPv6-only mode. This means that you do not have to specify both ::ffff:a00:1 and 10.0.0.1.

As a convenience, this module also takes certain pre-defined names in addition to IP addresses, which expand into IP addresses:

proxyaddr(req, 'loopback')
proxyaddr(req, ['loopback', 'fc00:ac:1ab5:fff::1/64'])
  • loopback: IPv4 and IPv6 loopback addresses (like ::1 and 127.0.0.1).
  • linklocal: IPv4 and IPv6 link-local addresses (like fe80::1:1:1:1 and 169.254.0.1).
  • uniquelocal: IPv4 private addresses and IPv6 unique-local addresses (like fc00:ac:1ab5:fff::1 and 192.168.0.1).

When trust is specified as a function, it will be called for each address to determine if it is a trusted address. The function is given two arguments: addr and i, where addr is a string of the address to check and i is a number that represents the distance from the socket address.

proxyaddr.all(req, [trust])

Return all the addresses of the request, optionally stopping at the first untrusted. This array is ordered from closest to furthest (i.e. arr[0] === req.connection.remoteAddress).

proxyaddr.all(req)

The optional trust argument takes the same arguments as trust does in proxyaddr(req, trust).

proxyaddr.all(req, 'loopback')

proxyaddr.compile(val)

Compiles argument val into a trust function. This function takes the same arguments as trust does in proxyaddr(req, trust) and returns a function suitable for proxyaddr(req, trust).

var trust = proxyaddr.compile('loopback')
var addr = proxyaddr(req, trust)

This function is meant to be optimized for use against every request. It is recommend to compile a trust function up-front for the trusted configuration and pass that to proxyaddr(req, trust) for each request.

Testing

$ npm test

Benchmarks

$ npm run-script bench

License

MIT

changelog

2.0.7 / 2021-05-31

  • deps: forwarded@0.2.0
    • Use req.socket over deprecated req.connection

2.0.6 / 2020-02-24

  • deps: ipaddr.js@1.9.1

2.0.5 / 2019-04-16

  • deps: ipaddr.js@1.9.0

2.0.4 / 2018-07-26

  • deps: ipaddr.js@1.8.0

2.0.3 / 2018-02-19

  • deps: ipaddr.js@1.6.0

2.0.2 / 2017-09-24

  • deps: forwarded@~0.1.2
    • perf: improve header parsing
    • perf: reduce overhead when no X-Forwarded-For header

2.0.1 / 2017-09-10

  • deps: forwarded@~0.1.1
    • Fix trimming leading / trailing OWS
    • perf: hoist regular expression
  • deps: ipaddr.js@1.5.2

2.0.0 / 2017-08-08

  • Drop support for Node.js below 0.10

1.1.5 / 2017-07-25

  • Fix array argument being altered
  • deps: ipaddr.js@1.4.0

1.1.4 / 2017-03-24

  • deps: ipaddr.js@1.3.0

1.1.3 / 2017-01-14

  • deps: ipaddr.js@1.2.0

1.1.2 / 2016-05-29

  • deps: ipaddr.js@1.1.1
    • Fix IPv6-mapped IPv4 validation edge cases

1.1.1 / 2016-05-03

  • Fix regression matching mixed versions against multiple subnets

1.1.0 / 2016-05-01

  • Fix accepting various invalid netmasks
    • IPv4 netmasks must be contingous
    • IPv6 addresses cannot be used as a netmask
  • deps: ipaddr.js@1.1.0

1.0.10 / 2015-12-09

  • deps: ipaddr.js@1.0.5
    • Fix regression in isValid with non-string arguments

1.0.9 / 2015-12-01

  • deps: ipaddr.js@1.0.4
    • Fix accepting some invalid IPv6 addresses
    • Reject CIDRs with negative or overlong masks
  • perf: enable strict mode

1.0.8 / 2015-05-10

  • deps: ipaddr.js@1.0.1

1.0.7 / 2015-03-16

  • deps: ipaddr.js@0.1.9
    • Fix OOM on certain inputs to isValid

1.0.6 / 2015-02-01

  • deps: ipaddr.js@0.1.8

1.0.5 / 2015-01-08

  • deps: ipaddr.js@0.1.6

1.0.4 / 2014-11-23

  • deps: ipaddr.js@0.1.5
    • Fix edge cases with isValid

1.0.3 / 2014-09-21

  • Use forwarded npm module

1.0.2 / 2014-09-18

  • Fix a global leak when multiple subnets are trusted
  • Support Node.js 0.6
  • deps: ipaddr.js@0.1.3

1.0.1 / 2014-06-03

  • Fix links in npm package

1.0.0 / 2014-05-08

  • Add trust argument to determine proxy trust on
    • Accepts custom function
    • Accepts IPv4/IPv6 address(es)
    • Accepts subnets
    • Accepts pre-defined names
  • Add optional trust argument to proxyaddr.all to stop at first untrusted
  • Add proxyaddr.compile to pre-compile trust function to make subsequent calls faster

0.0.1 / 2014-05-04

  • Fix bad npm publish

0.0.0 / 2014-05-04

  • Initial release