IP-address whitelist for dashboard access

Hi, is there a way to find out the IP address of the client that visits the Node-RED dashboard? At the moment I am using custom password encryption but I would like to do it with an IP whitelist.

The ui control node will report on client browser tabs connecting to Dashboards. Not sure what it includes in its data but the client IP address is usually in the msg.req object if it has been included.

Dashboard also has a middleware function capability (see settings.js) and that will certainly get the IP address.

But bear in mind that an IP address can never be secure and is very easily spoofed. It may also change dynamically and will change depending on how a user connects to your server (via proxies, NATting, etc.)

So IP whitelisting is quite a fragile process at a client level.

One other issue is that most of the data transfer for Dashboard happens over Socket.IO not over HTTP. That has its own middleware, not all of which gives you access to the IP address.

Generally speaking, authentication and session management are better done in a tool that gives more fine-grained control. The usual recommendation is to use a reverse proxy such as NGINX, Caddy, HAProxy, etc.

2 Likes
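An added example, not part of the posts above: an Express-style allowlist function of the kind that could be passed to the Dashboard middleware setting in settings.js. It shows why the proxy caveat matters by honouring `X-Forwarded-For` only when the direct peer is a trusted proxy. The function names, the address ranges and the single-proxy assumption are all illustrative.

```javascript
// Parse dotted IPv4 (or IPv4-mapped IPv6 such as ::ffff:10.0.0.5) to an unsigned
// 32-bit integer. Anything else, including native IPv6, returns null (fails closed).
function ipv4ToInt(ip) {
  const m = /^(?:::ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/i.exec(String(ip || ''));
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some(n => n > 255)) return null;
  return octets.reduce((acc, n) => ((acc << 8) | n) >>> 0, 0);
}

// True if ip falls inside an entry such as "192.168.1.0/24" or a bare "10.0.0.7".
function inCidr(ip, cidr) {
  const [base, bitsStr] = String(cidr).split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const a = ipv4ToInt(ip), b = ipv4ToInt(base);
  if (a === null || b === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

// Resolve the client address. The X-Forwarded-For header is client-controlled,
// so it is used only when the TCP peer is one of our own proxies.
function clientIp(req, trustedProxies) {
  const peer = req.socket.remoteAddress;
  const xff = req.headers['x-forwarded-for'];
  if (xff && trustedProxies.some(p => inCidr(peer, p))) {
    // Assumption: one proxy hop, so the right-most entry is the one it appended.
    return xff.split(',').pop().trim();
  }
  return peer;
}

// Middleware factory: call next() for allowed addresses, answer 403 otherwise.
function ipAllowlist(allowed, trustedProxies = []) {
  return function (req, res, next) {
    const ip = clientIp(req, trustedProxies);
    if (allowed.some(c => inCidr(ip, c))) return next();
    res.statusCode = 403;
    res.end('Forbidden');
  };
}

// settings.js usage (constructed ranges):
//   ui: { middleware: ipAllowlist(['192.168.1.0/24'], ['127.0.0.1']) }
```

This only filters the HTTP requests; as noted above, most Dashboard traffic goes over Socket.IO, which this function does not see.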
