How to Block certian ip address from sending requests to the agent's URL?

Is this possible?

You can use a custom HTTP header from the client with a shared value. The Agent would still get all requests but could immediately turn away all requests that don’t have the header.

Yes, you can do this, the source IP is provided in the x-forwarded-for header in the request headers:

if (request.headers["x-forwarded-for"] == "") { res.send(401, "Forbidden IP address"); return; }

Out in the real world, doing access control using x-forwarded-for is frowned upon, because it can easily be spoofed by the client. But here in the protected world of Electric Imp agents, it’s probably OK.


It turns out that it’s not really OK for Electric Imp agents, either.

curl -X GET --header 'x-forwarded-for:'

results in:

x-forwarded-for:, a.b.c.d

(where a.b.c.d is my external IP address)

If I’d had another proxy locally (between me and the Internet), then it would probably have been:

x-forwarded-for:, a.b.c.d, p.q.r.s

So, you can use X-Forwarded-For for IP-based access, but it’s not 100% reliable. Either use HTTP authorization, or some kind of token-based scheme.