Skip to main content

Filtering IPs on a specific Spell

In some cases, you want to limit access of a specific Spell to some servers to enhance security.

You can limit the allowed IP addresses to run a Spell using this code snippet:

const ALLOWLIST_IP = [
  "10.0.0.1", //Production server
  "10.0.0.2", //Testing machine
];

if (!params.headers["x-forwarded-for"]) {
  throw new Error("Can't detect source IP for filtering");
}

if (!ALLOWLIST_IP.includes(params.headers["x-forwarded-for"])) {
  throw new Error(`IP not allowed: ${params.headers["x-forwarded-for"]}`);
}

This code snippet must be added at the top of a Spell and will work like this:

  • First, we defined an array of allowed IP addresses to run this Spell.
  • Then, we'll check if the header x-forwaded-for is present inside the params. This parameter is automatically added by our engine
  • Finally, we'll verify if the IP address inside the x-forwaded-for is present inside our ALLOWLIST_IP array. If not, we throw an error to stop the spell execution.

If you don't want to throw an error and to make this alert silent, you can just do a return; instead of throw a new error that would stop the execution.

If you want to log the source IP, you can add a console.log(params.headers['x-forwarded-for']) to log the incoming IP address.