node package manager
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org ยป



Connect-Proxy is a middleware layer for Connect (running on node.js) that retrieves originating IP/Host values when proxying to your connect app.


When proxying to node (often done because of host/port restrictions, albeit the shortcomings of this approach), the IP address at req.socket.remoteAddress is the IP of the proxy server and is the internal hostname:port of the node server, e.g. localhost:3000.

This middleware allows you to use your connect-based app regardless of your node installation being proxied to. It also helps you utilize features of connect and Express that depend on the described header values and would otherwise lead to unexpected results:

  • Logging :remote-addr: The address logged by using the :remote-addr-Token of connects logger middleware is no longer the address of the proxy, but the address of the user
  • Redirecting to '/': When redirecting to relative URLs, express prepends protocol and host before redirecting. the prepended host is taken from which leads to redirects to http://localhost:port/ when proxying locally (e.g. proxying through apache)

It does so by replacing properties of the req object with values taken from special headers containing the originating IP address and the host name that was originally accessed. Most proxies send these kind of headers, usually x-forwarded-for and x-forwarded-host . These headers can be comma separated lists in case of multiple proxies, with the left-most being the originating value.

Docs: Apache, Nginx, Squid


npm install connect-proxy


Require the module:

var proxy = require('connect-proxy');

Use the middleware by calling realValues with an options object:

app.configure(function() {
    trusted: '',
    ipHeader: 'x-real-ip'


  • trusted {String} request headers can be faked. this option option tells connect-proxy to only trust the given proxy ip or ip-range. ip-ranges must be written in CIDR notation. defaults to '' if not set or wrong format.
  • strict {Boolean} strict mode, defaults to true. when an untrusted ip-address is found, connect-proxy will throw an error. if this is set to false, no error will be thrown and proxy headers will be ignored.
  • ipHeader {String} header property in which originating ip address and additional proxy ip addresses are defined. defaults to 'x-forwarded-for'
  • hostHeader {String} header property in which originating host and additional proxy hosts are defined. defaults to 'x-forwarded-host'

Connect Compatibility

Works with Connect@1.3.0 - if someone finds out more, drop me a line.


View the LICENSE file.