
I'm making a ban-by-IP system for my game's server (which was made using the "nodejs-websocket" module), and I need a reliable way to get the client's IP to make sure that a banned client stays banned. The problem is, whenever I try doing so through the server, the object that was supposed to contain the IP instead contains "::1".

According to what I've found, this result "::1" is a loopback address in IPv6, but even when connecting to the server using another IP it has the same result.

So far I've tried using the code "connection.socket.remoteAddress", which is supposed to return the connection (client)'s IP address, since connection.socket exposes the net.Socket instance, but it didn't work. I've been trying to google another way to do that (and alternatives to that method), but I couldn't find much.

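```js
// Server (Node.js)
var ws = require("nodejs-websocket");
var server = ws.createServer(function (connection) {
    // Logs the address of the TCP peer, which is "::1" here
    console.log(connection.socket.remoteAddress);
}).listen(1000);
```

```js
// Client (browser)
new WebSocket("ws://localhost:1000");
```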

No errors are thrown, and as said before it just returns "::1". Any ideas to fix this?

peq42
  • Also, I'd recommend *not* banning by IP address if you can help it. It's easy to get around, and becoming less and less effective. It also potentially bans legitimate users who end up with that address in the future. – Brad Jul 10 '19 at 04:54
  • The post you mentioned says that ::1 is a "loopback address in IPv6", aka a localhost, but I've tested connecting to the server using different IPs and the result is the same. So I'm guessing the problem is different. – peq42 Jul 10 '19 at 17:55
  • Are you using a proxy in front of your server by chance? If so, you'll have to configure your application server to trust headers from that proxy to identify the actual remote IP. – Brad Jul 10 '19 at 19:43
  • I was using ngrok to be able to make my local server accessible to others while in the test phase. How could I configure my server application to trust headers from that proxy and whatever others I or another user that is hosting a server may use? – peq42 Jul 12 '19 at 17:17
  • Don't use `socket.remoteAddress` in those cases, look at the `X-Forwarded-For` header, and only trust its value if `socket.remoteAddress` is that of your proxy. – Brad Jul 13 '19 at 00:03
  • I tried checking the connection's headers but there was no "X-Forwarded-For" value. Trying console.log(connection.headers['x-forwarded-for']) shows undefined – peq42 Jul 13 '19 at 02:06
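
The check described in the comments above (use `X-Forwarded-For` only when `socket.remoteAddress` is your own proxy), as an added example that is not part of the original thread. The names `TRUSTED_PROXIES`, `normalizeIp` and `clientIp` are assumptions made for illustration, and the addresses are constructed documentation-range samples.

```javascript
const net = require("net");

// Assumption: addresses of the reverse proxies or tunnels you run yourself.
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1"]);

// Fold IPv4-mapped IPv6 ("::ffff:203.0.113.7") into plain IPv4 so the ban
// list and the proxy list compare the same way on dual-stack sockets.
function normalizeIp(addr) {
  if (typeof addr !== "string") return null;
  let ip = addr.trim();
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip);
  if (mapped) ip = mapped[1];
  return net.isIP(ip) ? ip.toLowerCase() : null;
}

// Returns the address to ban on, or null when it cannot be determined
// (in which case the caller should not ban by IP at all).
function clientIp(remoteAddress, headers, trusted = TRUSTED_PROXIES) {
  const peer = normalizeIp(remoteAddress);
  if (peer === null) return null;
  // Direct connection: the header is client-controlled, so ignore it.
  if (!trusted.has(peer)) return peer;
  const raw = headers["x-forwarded-for"];
  // Our proxy sent no header (e.g. a raw TCP tunnel). Banning the peer
  // would ban the proxy itself, and with it every user behind it.
  if (!raw) return null;
  // Each proxy appends the address it saw, so walk right to left and take
  // the first entry that is not one of our own proxies. Anything further
  // left could have been supplied by the client.
  const hops = String(raw).split(",");
  for (let i = hops.length - 1; i >= 0; i--) {
    const hop = normalizeIp(hops[i]);
    if (hop === null) return null; // malformed chain: do not guess
    if (!trusted.has(hop)) return hop;
  }
  return null; // every hop was one of our own proxies
}

// Usage inside the connection handler from the question:
//   var ip = clientIp(connection.socket.remoteAddress, connection.headers);
```

A `null` result for a peer of "::1" with no header matches the situation in the question: the server only ever sees the local tunnel endpoint, so there is nothing reliable to ban on.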

0 Answers