🕵 Verify an IP is related to a certain domain
You can verify if a web crawler accessing your server really is who they claim they are. This is useful if you're concerned that spammers or other troublemakers are accessing your site while claiming to be known crawlers. Crawlers do not post public lists of IP addresses to whitelist. This is because these IP address ranges can change, causing problems for any systems who have hard-coded them, so you must run a DNS lookup as described next.
Example flow to verify Googlebot as the caller
const reverseDNSLookup = ;let googlebot = /googlebot/i;if googlebot // It says it's Googlebotconst ip = requestheaders'x-forwarded-for';googlebot = await ; // Okay, it's Googlebot
What just happened?
- Run a reverse DNS lookup on the accessing IP address.
- Verify that the domain name is in the supplied domain names.
- Run a forward DNS lookup on the retrieved domain name (from step 1).
- Verify that it is the same as the original accessing IP address from your logs.
In case you want explicit details, use
const ip = requestheaders'x-forwarded-for';tryawait reverseDNSLookupsourceip 'google.com' 'googlebot.com'googlebot = true;catch errorif errorname === 'ReverseDNSLookupError'logger;googlebot = false;elsethrow error;
reverse-dns-lookup 18.104.22.168 google.com googlebot.com
|Exit code 0|
|Does not check out okay|
|Exit code 1|