REMOTE_ADDR and IPv6 in PHP

Solution 1

The REMOTE_ADDR key is set by the web server, not PHP. If the web server listens on v6 and the user connects that way, it'll be a v6 address.

Solution 2

I have seen a bad IP address reported to PHP in REMOTE_ADDR from Apache 2.

It was '183.60..244.37'.

So the answer to your question, "Is it safe to assume...", I think is definitely no; REMOTE_ADDR cannot be trusted.

As far as I know, it is reported to PHP from the server, in my case Apache. Why it was bad I am still trying to figure out. I do know this: it came in as part of a batch of attack requests. Sometimes it was 183.60.244.37 and sometimes it was 183.60..244.37.

See also this.

Author by

Alix Axel

Updated on June 04, 2022

Comments

  • Alix Axel almost 2 years

    Is it safe to assume that $_SERVER['REMOTE_ADDR'] always returns an IPv4 address?

    Thanks!

  • Alix Axel about 14 years
    +1, Thanks! I'm gonna try to figure out how I can convert an IPv6 address to a number.
  • Marc B about 14 years
    php.net/manual/en/function.inet-pton.php will convert v4 and v6 "string" addresses to their packed representation.
  • Pacerier almost 12 years
    @Michael IPv6 has many text representations. Is there a standard representation returned by $_SERVER['REMOTE_ADDR']?
  • Michael Hampton over 11 years
    @Pacerier You'll get the normal compacted IPv6 addresses or IPv4-mapped IPv6 addresses on a dual-stack system.
  • Alix Axel over 10 years
    Nice to know, probably some Apache bug, no?
  • Elliptical view over 10 years
    A PHP developer just told me REMOTE_ADDR comes from CGI and so from the server's TCP connection, and not HTTP. But I'm still working on finding how the server could be reporting this to PHP, if that is what is happening.
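
One way to act on the answers and comments above, as an added example that is not from the original thread: validate the value before use, reject malformed strings such as the one reported in Solution 2, and reduce IPv4, IPv6 and IPv4-mapped IPv6 to one canonical form with inet_pton. The function name normalize_remote_addr and the sample addresses (other than the two quoted in Solution 2) are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Validate a REMOTE_ADDR-style string (hypothetical helper, not from the thread).
 * Returns the address family, canonical text and fixed-width hex key,
 * or null when the value is not a well-formed IPv4/IPv6 address.
 */
function normalize_remote_addr(?string $raw): ?array
{
    // Reject anything that is not a syntactically valid IPv4 or IPv6 address,
    // e.g. '183.60..244.37'. Checking first also avoids inet_pton()'s warning.
    if ($raw === null || filter_var($raw, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $packed = inet_pton($raw);   // 4 bytes for IPv4, 16 bytes for IPv6
    if ($packed === false) {
        return null;
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d), as seen on dual-stack listeners:
    // unwrap to the 4-byte form so one client has a single representation.
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($packed) === 16 && substr($packed, 0, 12) === $mappedPrefix) {
        $packed = substr($packed, 12);
    }
    return [
        'family' => strlen($packed) === 4 ? 'IPv4' : 'IPv6',
        'text'   => inet_ntop($packed),  // compressed, lower-case text form
        'hex'    => bin2hex($packed),    // 8 or 32 hex digits for storage/comparison
    ];
}

// Sample inputs: the first two are quoted in Solution 2, the rest are constructed.
$samples = [
    '183.60.244.37',
    '183.60..244.37',
    '2001:db8::1',
    '2001:0DB8:0000:0000:0000:0000:0000:0001',
    '::ffff:192.0.2.10',
    null,
];
foreach ($samples as $s) {
    $r = normalize_remote_addr($s);
    printf("%-44s => %s\n", var_export($s, true),
        $r === null ? 'rejected' : "{$r['family']} {$r['text']} ({$r['hex']})");
}
```

In a request handler the argument would be `$_SERVER['REMOTE_ADDR'] ?? null`; a null result is the case to log and refuse rather than store.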