Deny access from particular environments in node.js and express
Question
Is it feasible to make access from particular environments, such as countries, operating systems, and browsers denied in Node.js and Express? I'm now constructing a web service, but must implement such filters before launching it for some reasons.
I use Node.js v0.10, Express v3.x, and would deploy on heroku. So here's my question:
Is it feasible to implement such filters in my deploy environment, and if it is, how can I do?
Is it feasible to implement such filters only on some specific services, such as comment sections?
I also wonder how secure and robust it can be to have access from those countries denied successfully.
1 answers
solution1
0 ACCPTED 2013-11-28 06:21:12
(This is not a heroku question, and in my humble opinion not a node nor javascript question well. This is more likely an http and/or tcp question).
You can filter by these, but beware: it is not secure at all.
- Detecting the user's country is usually done by ip (which you can get with
req.ip) which is later converted to a location (with some ip/geo service, eg MaxMind). - Detecting the browser is done with the User-Agent http header. This is accessible with
req.headers['user-agent']. - Detecting the OS is also done by parsing the user-agent header. There are other ways of doing this (passive os fingerprinting -- http://lcamtuf.coredump.cx/p0f3/ ) but these are probably not deploying on Heroku.
Note that in order to avoid filtering by country, the user can simply access your web server using a proxy in an allowed country. Also, since user-agent is a string the client sends, they can send whatever they want and fake any browser/os.
It really depends on how strict your "filtering security" requirements are.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.