Hello! I am making an HTML site, but one of my “hilarious” friends decided to attempt to DDOS the website. Is there any way I can block a certain IP but not the rest? If not, is there a way to make a certain IP go to a different page instead of index.html?
@QwertyQwerty88 You have helped me with some of my previous projects, can you help with this one?
You need to use Express.
Then you can set up an IP block list. An example:
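```javascript
const express = require('express');
const app = express();
const PORT = 3000;

const blockedIPs = new Set([
  '123.45.67.89', // Here you set the IP you want to block.
]);

app.use((req, res, next) => {
  // X-Forwarded-For can be a comma-separated chain. Use the last entry, the one
  // appended by the proxy nearest the app (assumes a single proxy in front).
  const forwarded = (req.headers['x-forwarded-for'] || '').split(',').pop().trim();
  // req.socket replaces the deprecated req.connection.
  const ip = forwarded || req.socket.remoteAddress;
  // Let the redirect target through, otherwise a blocked IP is redirected forever.
  if (blockedIPs.has(ip) && req.path !== '/alternatePage.html') {
    // With this you block the IP. You can use:
    //   return res.status(403).send('Your message, like YOU ARE BLOCKED!');
    // Or you can redirect to another page with res.redirect:
    return res.redirect('/alternatePage.html');
  }
  next();
});

// Serve index.html and alternatePage.html from the 'public' folder.
app.use(express.static('public'));
app.listen(PORT);
```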
@WindLother’s code should work, and if you want to hide the IPs, make sure you put them in a secret.
How do I do that? I already have the Repl set up. Do I just create index.js and then put it in that?
Click on Secrets in the Tools menu.
Yes, create an index.js file.
Install express (npm install express or just select the package in the toolbar).
And move the index.html to the public folder.
No, not if you are using an HTML/CSS/JS Repl. Create a new Node.js Repl instead.
Oh thanks, I was just assuming he was using node.js
If he didn’t already have an index.js file then he probably wasn’t
To @MaximumDevMode:
Does this mean you have no backend? If you don’t, IP banning won’t work very well.
Here’s why:
- Since the client needs to download the script, the server has to generate a response, which won’t stop a DDoS attack.
- Since the client controls the execution of a script an attacker can simply block the request to your IP ban script, causing the script not to load and be executed, hence evading an IP ban.
If you do have a backend, that’s great news. You can get the IP address server-side by taking a look at the X-Forwarded-For header from the client. Every time a request is created you can check if the client’s IP address matches up with an IP address stored in a list of banned IP addresses. You can even try implementing an IP range ban as well if the IP address keeps changing but is in the general same location. Try also adding occasional captchas around your site to places that might cause the server to do a bit more work than normal.
Of course, these methods can be avoided using a VPN, which you could also check for. But even that can be avoided with other methods.
There is no true way to really block all bad guy IP ban-avoiding spammers. Just don’t add too many protection features, because doing too many checks could use a lot of server power (for Replit at least; they give you really crappy CPUs with the free plan). Try using CloudFlare or something.
To @prisems: With a Python web server, yes; but not with JS.
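An added example, not part of the original thread: one way to implement the server-side check and the IP range ban described above, in plain Node.js with no dependencies. The function names, the `trustedHops` parameter (how many proxies sit in front of the app) and the sample addresses are assumptions.

```javascript
// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalize(addr) {
  return String(addr || '').trim().replace(/^::ffff:/i, '');
}

// X-Forwarded-For is "client, proxy1, ...": each proxy appends the peer it saw.
// Only the last `trustedHops` entries were written by proxies in front of the
// app; anything further left is whatever the client chose to send.
function clientIp(xff, socketAddr, trustedHops) {
  const chain = String(xff || '').split(',').map(normalize).filter(Boolean);
  if (trustedHops > 0 && chain.length >= trustedHops) {
    return chain[chain.length - trustedHops];
  }
  return normalize(socketAddr);
}

// rules: "a.b.c.d" (single address) or "a.b.c.d/len" (range ban).
function isBlocked(ip, rules) {
  const addr = ipv4ToInt(normalize(ip));
  if (addr === null) return false; // IPv6 is not handled in this example
  return rules.some((rule) => {
    const [base, len = '32'] = rule.split('/');
    const baseInt = ipv4ToInt(base);
    const bits = Number(len);
    if (baseInt === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
    const size = 2 ** (32 - bits); // number of addresses in the range
    return Math.floor(addr / size) === Math.floor(baseInt / size);
  });
}

// Express-style middleware (req, res, next); trustedHops is deployment-specific (assumed).
function ipBan(rules, trustedHops) {
  return (req, res, next) => {
    const ip = clientIp(req.headers['x-forwarded-for'], req.socket.remoteAddress, trustedHops);
    return isBlocked(ip, rules) ? res.status(403).send('Blocked') : next();
  };
}
```

With Express this would be mounted as `app.use(ipBan(['203.0.113.0/24'], 1))` before the static file handler.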
Ok, I ran into an error. I installed express and it completed, but when I click run it just runs index.js, not index.html. How do I fix this?
When you create a web server using Node.js and Express, the server starts by running the index.js and then listens for incoming requests. Your index.html file is served in response to a web request, not executed like a script.
So, what you need to do is:
- Create a folder called public. Put your index.html file inside this folder.
- In your index.js you need to make Express serve your index.html file. Example:
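```javascript
const express = require('express');
const app = express();
const PORT = 3000;

// Here you serve static files (index.html) from the 'public' directory
app.use(express.static('public'));

// Start the server so it can answer requests
app.listen(PORT, () => {
  console.log(`Server listening on port ${PORT}`);
});
```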
P.S.: The code above is purely an example; be sure to adapt it to your needs (IP blocking).
And that’s it.
When you click run now, it will execute the index.js file, but it will also serve your index.html file.
AFAIK they can’t bring the website down. As a “HTML, CSS, JS” repl it is statically hosted, on a cluster alongside other repls. From my tests, requests to the repl don’t take up egress (but running the repl to update it does). DDOSing the website would mean bringing down the entire cluster, which is not feasible.
That’s good information
I did that, but now the page isn’t updating. Also, styles.css is acting like it’s not there.
Here is the direct link. https://maximumdevmode.repl.co/
style.css is not in the public folder directory, meaning in your html file, the stylesheet href should be ../style.css