Closed mifriis closed 8 years ago
@mifriis I'm going to dig into this today and let you know what I find.
I get: Invalid byte: ::ffff:80 here when using ipv6 as filter for whitelist
I'd move away from netmask and use https://github.com/whitequark/ipaddr.js instead
@mifriis @Freundschaft we've updated the package to address the IPv6 issues (v0.0.25). Please let us know if you run into anything else.
It seems not work yet with ip like ::ffff:192.168.1.1
@amcereijo we ran a few tests with version 0.0.25
and it worked locally whitelisting and blacklisting our IP addresses in the format you provided. is it possible you have a cached version of the library or an older version?
I'm using the last version, I've installed right now.
Adding app.use(require('express-ipfilter')(['192.168.1.140'], { mode: 'allow' })
When I make calls: From 192.168.1.130: Access denied to IP address: ::ffff:192.168.1.130 CORRECT! From 192.168.1.140: Access denied to IP address: ::ffff:192.168.1.140 WRONG!
I'm using mac OS El capitan with node.js v4.2.2
@amcereijo you need to explicitly define the IPv6 version of that address
app.use(require('express-ipfilter')(['::ffff:192.168.1.140'], { mode: 'allow' })
It works in this way.
I'm using the package "ipaddr.js" and doing something like that the code below to use the ip like I put before.
const ip2 = const ip2 = ipaddr.process(allowedIps[i]);req.ip); // it is '::ffff:192.168.1.140' const ip2 = ipaddr.process('192.168.1.140'); const allow = ip.toLocaleString() === ip2.toLocaleString(); // it is true
2016-03-29 20:58 GMT+02:00 Ryan Billingsley notifications@github.com:
@amcereijo https://github.com/amcereijo you need to explicitly define the IPv6 version of that address
app.use(require('express-ipfilter')(['::ffff:192.168.1.140'], { mode: 'allow' })
— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/baminteractive/express-ipfilter/issues/22#issuecomment-203051118
@amcereijo I would prefer an explicit declaration to avoid creating any kind of loophole
Yes , It's ok. It just I'm seeing that in other machines running Linux (as in an amazon environment) , the ip getting from "req.ip" or "req.connection.remoteAddress" is '192.168.1.140' instead of '::ffff:192.168.1.140' and in this way the match doesn't work
2016-03-29 21:28 GMT+02:00 Ryan Billingsley notifications@github.com:
@amcereijo https://github.com/amcereijo I would prefer an explicit declaration to avoid creating any kind of loophole
— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/baminteractive/express-ipfilter/issues/22#issuecomment-203063211
@amcereijo if you want to create a PR that adds a new option that will block both versions, I would be open to looking at it, but for the immediate future you can add both entries to the ip array, or write a function to automatically add it for you.
If this comes up again, we can reopen this issue and take another look. Thanks.
Node seems to favour IPv6 where availiable. So locally my IP is detected as "::1".
Setting up the whilist as: var ips = ['127.0.0.1', '::1']; work exactly as advertised and i am allowed in.
However, when hosted the IP's are IPv4 and i need to CIDR aswell. I have tried the following:
var ips = ['127.0.0.1/32', '::1/32', '170.20.68.68/32', '170.20.70.30/32']; var ips = ['127.0.0.1', '::1', '170.20.68.68/32', '170.20.70.30/32'];
Both result in this message sent to the browser: Invalid net address: ::1 It's not a node error, everything appears to work fine behind the screen.
It seems the CIDR filter doesn't work with IPv6, or the combination of IPv6 and 4 along with CIDR is malfunctioning.
Can you advice?