Detecting hosting and cloud provider traffic

Knowing whether a request originates from a hosting provider (for example, AWS, Azure, Google Cloud) helps you distinguish human visitors from automation and apply the right controls.

IPLocate exposes two signals you can use:

privacy.is_hosting: boolean flag indicating hosting/datacenter origin
hosting object: present when detailed provider info is available (for example, provider name, domain)

Node.js example

import IPLocate from 'node-iplocate';

const client = new IPLocate('YOUR_API_KEY');

export async function isFromHosting(ip = '') {
  const data = await client.lookup(ip);
  return {
    hosting: data.privacy?.is_hosting === true,
    provider: data.hosting?.provider,
  };
}

// Example
const result = await isFromHosting();
if (result.hosting) {
  // Block, log, throttle, or route differently
}

Server-side example (Express)

import express from 'express';
import IPLocate from 'node-iplocate';

const app = express();
app.set('trust proxy', true); // ensure req.ip reflects the real client IP behind proxies

const client = new IPLocate(process.env.IPLOCATE_API_KEY);

app.get('/login', async (req, res) => {
  const ip = req.ip;
  const data = await client.lookup(ip);

  if (data.privacy?.is_hosting) {
    // Block, log, throttle, or route differently
  }
  res.send('OK');
});

Best practices

Combine privacy.is_hosting with privacy.is_anonymous and abuse signals for higher confidence.
Don’t block search engines blindly; exempt known crawlers if relevant.
Cache responses to reduce API usage; see caching responses.

Node.js example​

Server-side example (Express)​

Best practices​

Node.js example

Server-side example (Express)

Best practices