ExpressJS custom middleware code ignored


I’m trying to implement IP whitelisting to the application, only the users from the IP list should have access to the application.

I’ve tried to use the following middleware function, but the status change to 403 is ignored, status is
always 200 and everything is working regardless of the user IP.

But i get the “not allowed…” message in log though…

Any thoughts…??


app.use(function (req, res, next) {

    app.set('allowedIPs', allowedIPs);

    const ip = req.headers['x-forwarded-for'] || (req.connection || {}).remoteAddress;"IP: " + ip);
    if (allowedIPs.includes(ip)) {"allowed...");
        return next();
    } else {"not allowed...");
        return res.status(403).send({error: { status:403, message:'Access denied.'}});

Since i can’t update the original post anymore, i’m posting this reply…

I noticed, that this middleware works as it should (code above), but only for URLs, that dont exist!

So without that middleware i get “can’t get …” type of message, if i try to access an unexisting URL … but with this middleware i get status 403 and “access denied” message.

Why is this not working for all URLs?

Could you also share the code that you are using to mount this middleware and Parse Server to the Express.js app?

Sure. Although i’m not mounting Parse server by myself, since i’m using commercial service (

cloud code main.js: = require('./app');

cloud code app.js

const express = require('express');
const app = express();

// function pasted above

module.exports = app;

In this case, I’d recommend you open a ticket with them to better understand. They are probably mounting Parse Server before your custom middleware and that’s why only unmatched routes are reaching it.

Ok, tnx, i’ll try that.