I am trying to understand what the difference is between express req.ip IP address and the local IP address that comes from node net https://nodejs.org/api/net.html#socketlocaladdress
CodePudding user response:
Value of socket.localAddress is always the IP address of the server the client is connecting to (ex: 192.168.1.1), the value of req.ip is the IP of the client as set by proxy-addr package.
Based on the "trust proxy" express setting proxy-addr will either return the value of socket.remoteAddress or a value from req.headers['x-forwarded-for'] if present and trusted.
If in your setup you have a proxy server and "trust proxy" is true then when a request comes in the proxy will add the x-forwarded-for header, in this case socket.remoteAddress will be the IP of the proxy server and req.ip will be the IP of the client (ex: 74.125.127.100), if "trust proxy" is false both socket.remoteAddress and req.ip will be the IP of the proxy server.
More info:
https://expressjs.com/en/guide/behind-proxies.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For