npm
Sign UpSign In

trust-reverse-proxy

0.1.0 • Public • Published

trustReverseProxy

trustReverseProxy is connect middleware to determine which connections are made through a trusted reverse proxy. Reverse proxies can be used to offload handling SSL connections to and/or for serving up static content.

When SSL connections are handled by a reverse proxy, all connections to connect are over HTTP. This middleware allows you forward SSL connections (almost) transparantly to connect. Typically the reverse proxy adds several custom HTTP headers to the proxied request. These headers can be used to distinguish secure connections (HTTPS) from insecure connections (HTTP).

Examples

Minimal configuration

var connect = require('connect'),
  acceptReverseProxy = require('acceptReverseProxy');

app = connect.createServer(acceptReverseProxy({proxyID: 'x-my-secret-proxy'}));

Trusting a reverse proxy on a different IP address

var connect = require('connect'),
  acceptReverseProxy = require('acceptReverseProxy');

app = connect.createServer(acceptReverseProxy({
  proxyID: 'x-my-secret-proxy',
  proxyIp: '192.168.0.1'
}));

Trusting more than 1 reverse proxy

var connect = require('connect'),
  acceptReverseProxy = require('acceptReverseProxy');

app = connect.createServer(acceptReverseProxy({
  proxyID: 'x-my-secret-proxy',
  proxyIp: ['192.168.0.1', '192.168.0.2'],
  trust: function(req) {
    return req.headers[options.proxyID] && (proxyIp.indexOf(req.client.remoteAddress) !== -1);
  }
}));

Retrieve browser's remote address differently

By default trustReverseProxy uses the IP address from the X-Real-IP or X-Forwarded-For headers. Two commonly used headers by reverse proxies to indicate the browser's remote address.

This example uses the header x-my-real-forwarded-ip instead.

var connect = require('connect'),
  acceptReverseProxy = require('acceptReverseProxy');

app = connect.createServer(acceptReverseProxy({
  proxyID: 'x-my-secret-proxy',
  remoteAddress: function(req) {
    return req.headers['x-my-real-forwarded-ip'];
  }
}));

Detect secure connections

By default trustReverseProxy detects secure by looking at the x-forwarded-scheme header. A connection is considered secure when this header has the value 'https'.

In this example a connection is considered secure when the header x-forwarded-ssl the value true.

var connect = require('connect'),
  acceptReverseProxy = require('acceptReverseProxy');

app = connect.createServer(acceptReverseProxy({
  proxyID: 'x-my-secret-proxy',
  isSecure: function(req) {
    return req.headers['x-forwarded-ssl'] === true;
  }
}));

/trust-reverse-proxy/

    Package Sidebar

    Install

    npm i trust-reverse-proxy

    Weekly Downloads

    0

    Version

    0.1.0

    License

    none

    Last publish

    Collaborators

    • bartt
    Try on RunKit
    Report malware