How do I block certain IPs on Replit?

Hello! I am making an HTML site, but one of my “hillarious” friends decided to attempt to DDOS the website. Is there any way I can block a certain IP but not the rest? If not, is there a way to make a certain IP go to a different page instead of index.html?

1 Like

@QwertyQwerty88 You have helped me with some of my previous projects, can you help with this one?

2 Likes

You need to use Express.

Than you can set up a ipblock list. An example:

const express = require('express');
const app = express();
const PORT = 3000;

const blockedIPs = new Set([
  '123.45.67.89',  // Here you set the IP you want to block.
]);

app.use((req, res, next) => {
  const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
  if (blockedIPs.has(ip)) {
    // With this you block the ip, you can use "return res.status(403).send('Your message, like YOU ARE BLOCKED!');
    // Or you can redirect to another page with res.redirect
    return res.redirect('/alternatePage.html');
  }
  next();
});

6 Likes

@WindLother’s code should work, and if you want to hide the IPs, make sure you put them in a secret.

5 Likes

How do I do that? I already have the Repl set up. Do I just create index.js and then put it in that?

1 Like

Click on Secrets in the Tools menu.

3 Likes

Yes, create a index.js file.
Install express (npm install express or just select the package in the toolbar).
And move the index.html to the public folder.

2 Likes

No, not if you are using an HTML/CSS/JS Repl. Create a new Node.js Repl instead.

4 Likes

Oh thanks, I was just assuming he was using node.js :melting_face:

3 Likes

If he didn’t already have an index.js file then he probably wasn’t

3 Likes

@joecooldoo youve done this before

1 Like

To @MaximumDevMode:

Does this mean you have no backend? If you don’t, IP banning won’t work very well.
Here’s why:

  1. Since the client needs to download the script, the server has to generate a response, which won’t stop a DDoS attack.
  2. Since the client controls the execution of a script an attacker can simply block the request to your IP ban script, causing the script not to load and be executed, hence evading an IP ban.

If you do have a backend, that’s great news. You can get the IP address server-side by taking a look at the X-Forwarded-For header from the client. Every time a request is created you can check if the client’s IP address matches up with an IP address stored in a list of banned IP addresses. You can even try implementing an IP range ban as well if the IP address keeps changing but is in the general same location. Try also adding occasional captchas around your site to places that might cause the server to do a bit more work than normal.

Of course, these methods can be avoided using a VPN, which you could also check for. But even that can be avoided with other methods.

There is no true way to really block all bad guy IP ban-avoiding spammers. Just don’t add too many protection features, because doing too many checks could use a lot of server power (for Replit at least; they give you really crappy CPUs with the free plan). Try using CloudFlare or something.

To @prisems: With a Python web server, yes; but not with JS.

6 Likes

Ok, I ran into an error. I installed express and it completed, but when I click run it just runs index.js, not index.html. How do I fix this?

1 Like

Ok, I ran into an error. I installed express and it completed, but when I click run it just runs index.js, not index.html. How do I fix this?

1 Like

@WindLother @QwertyQwerty88 @SnakeByte
Here is the REPL link.

https://replit.com/@MaximumDevMode/MaximumDevMode

2 Likes

When you create a web server using Node.js and Express, the server starts by running the index.js and then listens for incoming requests. Your index.html file is served in response to a web request, not executed like a script.

So, what you need to do is:

  1. Create a folder called public. Put your index.html file inside this folder.
  2. In your index.js you need to make the express serve your index.html file. Example:
const express = require('express');
const app = express();
const PORT = 3000;

//Here you serve static files (index.html) from the 'public' directory
app.use(express.static('public'));
});

Ps.: the code above is purely an example, be sure to adapt to your needs (ipblocking).

And that’s it.

When you click run now it will execute the index.js file but he will also serve your index.html file.

4 Likes

following information might no longer be correct because HTML repls are no longer a special case


AFAIK they can’t bring the website down. As a “HTML, CSS, JS” repl it is statically hosted, on a cluster alongside other repls. From my tests, requests to the repl don’t take up egress (but running the repl to update it does). DDOSing the website would mean bringing down the entire cluster, which is not feasible.

5 Likes

That’s good information :hushed:

2 Likes

I did that, but know the page isn’t updating. Also, styles.css is acting like it’s not there.

Here is the direct link. https://maximumdevmode.repl.co/

1 Like

style.cssis not in the public folder directory, meaning in your html file, the stylesheet href should be ../style.css

6 Likes