@arcjet/ip
Version:
Arcjet utilities for finding the originating IP of a request
69 lines (68 loc) • 1.76 kB
JavaScript
//#region src/cloudflare.ts
/**
* Cloudflare IPv4 ranges.
*
* Source: https://www.cloudflare.com/ips-v4/
*/
const cloudflareIpv4Ranges = [
"173.245.48.0/20",
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"141.101.64.0/18",
"108.162.192.0/18",
"190.93.240.0/20",
"188.114.96.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"162.158.0.0/15",
"104.16.0.0/13",
"104.24.0.0/14",
"172.64.0.0/13",
"131.0.72.0/22"
];
/**
* Cloudflare IPv6 ranges.
*
* Source: https://www.cloudflare.com/ips-v6/
*/
const cloudflareIpv6Ranges = [
"2400:cb00::/32",
"2606:4700::/32",
"2803:f800::/32",
"2405:b500::/32",
"2405:8100::/32",
"2a06:98c0::/29",
"2c0f:f248::/32"
];
/**
* Describe Cloudflare as a trusted proxy in front of your application.
*
* Pass the result in the `proxies` array. When a request reaches your platform
* from a Cloudflare IP, Arcjet will read the real client IP from the
* `CF-Connecting-IP` / `CF-Connecting-IPv6` header instead of treating the
* Cloudflare edge address as the client. The header is only trusted when the
* connecting address is within Cloudflare's ranges, so it cannot be spoofed by
* clients connecting directly to your platform.
*
* @param options
* Configuration (optional).
* @returns
* Proxy service descriptor to include in the `proxies` array.
*/
function cloudflare(options) {
return {
kind: "service",
name: "cloudflare",
ranges: options && Array.isArray(options.ranges) && options.ranges.length > 0 ? [...options.ranges] : [...cloudflareIpv4Ranges, ...cloudflareIpv6Ranges],
clientIp: [{
header: "cf-connecting-ipv6",
format: "ip"
}, {
header: "cf-connecting-ip",
format: "ip"
}]
};
}
//#endregion
export { cloudflare, cloudflareIpv4Ranges, cloudflareIpv6Ranges };