You can check if the user is accessing your backend from one of the listed egress IP addresses. But you should not worry about network infrastructure as jason says. You request web resources, and gets them. And your backend should handle multiple users behind the same IP. This is pretty normal. Use session cookies to track users. Denial-of-service mitigations like throttling requests based on IP is impossible with carrier grade NAT and has been for a long time. One ISP might already have 65000 users using the same IP to access your site. To do the throttling you need to implement something else. Say an access token (cookie) on which to track # of requests. And then have some progressive delay in issuing tokens to the same IP address. Say issue first one immediately. Next request from same IP would have to wait a random time say up to 1s, then if a new request within 1s, way between 1 and 2s etc. You would assume visitors from same IP to trickle in, so the admission delay would usually not be a big issue.