UNPKG

@arcjet/ip

Version:

Arcjet utilities for finding the originating IP of a request

69 lines (68 loc) 1.76 kB
//#region src/cloudflare.ts /** * Cloudflare IPv4 ranges. * * Source: https://www.cloudflare.com/ips-v4/ */ const cloudflareIpv4Ranges = [ "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20", "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22" ]; /** * Cloudflare IPv6 ranges. * * Source: https://www.cloudflare.com/ips-v6/ */ const cloudflareIpv6Ranges = [ "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32", "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32" ]; /** * Describe Cloudflare as a trusted proxy in front of your application. * * Pass the result in the `proxies` array. When a request reaches your platform * from a Cloudflare IP, Arcjet will read the real client IP from the * `CF-Connecting-IP` / `CF-Connecting-IPv6` header instead of treating the * Cloudflare edge address as the client. The header is only trusted when the * connecting address is within Cloudflare's ranges, so it cannot be spoofed by * clients connecting directly to your platform. * * @param options * Configuration (optional). * @returns * Proxy service descriptor to include in the `proxies` array. */ function cloudflare(options) { return { kind: "service", name: "cloudflare", ranges: options && Array.isArray(options.ranges) && options.ranges.length > 0 ? [...options.ranges] : [...cloudflareIpv4Ranges, ...cloudflareIpv6Ranges], clientIp: [{ header: "cf-connecting-ipv6", format: "ip" }, { header: "cf-connecting-ip", format: "ip" }] }; } //#endregion export { cloudflare, cloudflareIpv4Ranges, cloudflareIpv6Ranges };