How to get a User's IP Address in Express.js

As a web developer, it's important that we try to respect the user's privacy as much as possible, but that doesn't mean there aren't times we need to know the general location of the user. There are many valid reasons to need to know their location without violating their privacy. For example:

  • The service you're providing must abide by local laws. Crypto is a good example of this - it's regulated differently in different countries, which means crypto exchanges can't be used in some countries.
  • You want to personalize searches and recommendations. If I'm looking for a good pizza restaurant, it'd be nice if the service defaulted to finding local establishments in my area without me needing to type in my location.
  • Language preferences. It'd be helpful to automatically show your app's text in the local language of the user without them needing to manually change the setting.

There are many other examples, and these are just a few.

Express.js is one of the most popular web frameworks in Node.js, and you'll commonly need to use it to find the user's IP address.

The IP address is exposed in a few different ways, a few of which we'll look at here:

  • req.connection.remoteAddress: The IP address of the user's connection to the server. This only works if your server has no proxies between it and the user.
  • req.headers['x-forwarded-for']: A list of the IP addresses between your server and the user, in order. This is useful if you have proxies between your server and the user. The left-most IP address is the user's IP address.
  • req.ip: This property uses req.connection.remoteAddress unless the trust proxy setting is set to true. If set to true, it will use the left-most IP address in req.headers['x-forwarded-for'] instead.
  • req.ips: This property uses req.headers['x-forwarded-for'] if the trust proxy setting is set to true. It will be an array of IP addresses, in order.
Get free courses, guided projects, and more

No spam ever. Unsubscribe anytime. Read our Privacy Policy.

Note that you might not be able to trust the IP addresses in req.headers['x-forwarded-for'], depending on the proxy you're using. It can be set by the client or the proxy.

If you're using other services in front of your server, like Cloudflare, then you may have other options available. These are usually accessed using special HTTP headers. For example:

  • Cloudflare: CF-Connecting-IP
  • Fastly: Fastly-Client-Ip
  • Nginx and FastCGI: X-Real-IP
  • Akamai: True-Client-Ip

Depending on if you reliably need an accurate IP address or not, you can use a number of different sources together.

For example, for some of my services I don't need an accurate IP address, but getting a clue of where they're located is helpful, so I use many different sources to try and get an accurate IP address. You can use these sources together with something like this:

exports.getIpFromRequest = req => {
    let ips = (
        req.headers['cf-connecting-ip'] ||
        req.headers['x-real-ip'] ||
        req.headers['x-forwarded-for'] ||
        req.connection.remoteAddress || ''
    ).split(',');

    return ips[0].trim();
};
Last Updated: April 13th, 2023
Was this helpful?

© 2013-2024 Stack Abuse. All rights reserved.

AboutDisclosurePrivacyTerms