ExpressJS custom middleware code ignored

Hi!

I’m trying to implement IP whitelisting to the application, only the users from the IP list should have access to the application.

I’ve tried to use the following middleware function, but the status change to 403 is ignored, status is
always 200 and everything is working regardless of the user IP.

But i get the “not allowed…” message in log though…

Any thoughts…??

Thanks…

app.use(function (req, res, next) {

    app.set('allowedIPs', allowedIPs);

    const ip = req.headers['x-forwarded-for'] || (req.connection || {}).remoteAddress;
    console.info("IP: " + ip);
    if (allowedIPs.includes(ip)) {
        console.info("allowed...");
        return next();
    } else {
        console.info("not allowed...");
        return res.status(403).send({error: { status:403, message:'Access denied.'}});
    }
});

Since i can’t update the original post anymore, i’m posting this reply…

I noticed, that this middleware works as it should (code above), but only for URLs, that dont exist!

So without that middleware i get “can’t get …” type of message, if i try to access an unexisting URL … but with this middleware i get status 403 and “access denied” message.

Why is this not working for all URLs?