Limit access to Node-RED via client certificates

I think my aim for it, is to allow the inexperienced users to have a barrier without trying to understand the various products / services that are around.

It's been updated and now uses a built in class to help add the IP Address', Ranges & Subnets.

example:

const allowedIPs = [
  "127.0.0.1",                    /* Localhost */
  "172.16.0.0/24",                /* Private Network */
  "103.22.200.1-103.22.203.254"   /* CloudFlare range example */
];

Taking out the hosted services from the equation, both the client cert and IP White listing approach are both extremely powerful mechanisms! :nerd_face:

Note: I added the the security tag to this post

2 Likes