ryanbillingsley / express-ipfilter

A light-weight IP address based connection filtering system
MIT License

IPv6 locally but IPv4 when hosted #22

Closed mifriis closed 8 years ago

mifriis commented 8 years ago

Node seems to favour IPv6 where available. So locally my IP is detected as "::1".

Setting up the whitelist as: var ips = ['127.0.0.1', '::1']; works exactly as advertised and I am allowed in.

However, when hosted the IPs are IPv4 and I need to use CIDR as well. I have tried the following:

var ips = ['127.0.0.1/32', '::1/32', '170.20.68.68/32', '170.20.70.30/32'];
var ips = ['127.0.0.1', '::1', '170.20.68.68/32', '170.20.70.30/32'];

Both result in this message sent to the browser:

Invalid net address: ::1

It's not a node error, everything appears to work fine behind the screen.

It seems the CIDR filter doesn't work with IPv6, or the combination of IPv6 and 4 along with CIDR is malfunctioning.

Can you advise?

nsbingham commented 8 years ago

@mifriis I'm going to dig into this today and let you know what I find.

Freundschaft commented 8 years ago

I get: Invalid byte: ::ffff:80 here when using ipv6 as filter for whitelist

I'd move away from netmask and use https://github.com/whitequark/ipaddr.js instead

nsbingham commented 8 years ago

@mifriis @Freundschaft we've updated the package to address the IPv6 issues (v0.0.25). Please let us know if you run into anything else.

amcereijo commented 8 years ago

It seems not to work yet with an IP like ::ffff:192.168.1.1

nsbingham commented 8 years ago

@amcereijo we ran a few tests with version 0.0.25 and it worked locally whitelisting and blacklisting our IP addresses in the format you provided. Is it possible you have a cached version of the library or an older version?

amcereijo commented 8 years ago

I'm using the last version, I've installed right now.

Adding:

app.use(require('express-ipfilter')(['192.168.1.140'], { mode: 'allow' }));

When I make calls:

From 192.168.1.130: Access denied to IP address: ::ffff:192.168.1.130 CORRECT!
From 192.168.1.140: Access denied to IP address: ::ffff:192.168.1.140 WRONG!

I'm using Mac OS El Capitan with node.js v4.2.2

ryanbillingsley commented 8 years ago

@amcereijo you need to explicitly define the IPv6 version of that address

app.use(require('express-ipfilter')(['::ffff:192.168.1.140'], { mode: 'allow' }));

amcereijo commented 8 years ago

It works in this way.

I'm using the package "ipaddr.js" and doing something like the code below to use the IP as I put it before.

const ipaddr = require('ipaddr.js');
const ip = ipaddr.process(req.ip); // it is '::ffff:192.168.1.140'
const ip2 = ipaddr.process('192.168.1.140');
const allow = ip.toLocaleString() === ip2.toLocaleString(); // it is true


ryanbillingsley commented 8 years ago

@amcereijo I would prefer an explicit declaration to avoid creating any kind of loophole

amcereijo commented 8 years ago

Yes, it's OK. It's just that I'm seeing that on other machines running Linux (as in an Amazon environment), the IP obtained from "req.ip" or "req.connection.remoteAddress" is '192.168.1.140' instead of '::ffff:192.168.1.140', and in this way the match doesn't work.


ryanbillingsley commented 8 years ago

@amcereijo if you want to create a PR that adds a new option that will block both versions, I would be open to looking at it, but for the immediate future you can add both entries to the ip array, or write a function to automatically add it for you.

If this comes up again, we can reopen this issue and take another look. Thanks.
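
One way to write the helper suggested in the last comment, as an added example that is not part of the thread or of express-ipfilter's code. The function names are hypothetical, only Node's built-in `net` module is used, and it goes slightly beyond the thread by also recognising the hex-group spelling of an IPv4-mapped address.

```javascript
// Added example: helper names are hypothetical, not part of express-ipfilter.
const net = require('net');

// Match only the IPv4-mapped prefix ::ffff:0:0/96, in dotted or hex-group form,
// so no other IPv6 range is ever treated as equivalent to an IPv4 address.
const MAPPED_DOTTED = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i;
const MAPPED_HEX = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i;

// Return the embedded IPv4 address of an IPv4-mapped IPv6 literal, else null.
function mappedToV4(addr) {
  const dotted = MAPPED_DOTTED.exec(addr);
  if (dotted) return net.isIPv4(dotted[1]) ? dotted[1] : null;
  const hex = MAPPED_HEX.exec(addr);
  if (!hex) return null;
  const hi = parseInt(hex[1], 16);
  const lo = parseInt(hex[2], 16);
  return [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff].join('.');
}

// Canonical form for comparison: IPv4 for mapped addresses, lowercase otherwise.
function canonicalIp(addr) {
  if (!net.isIP(addr)) throw new TypeError('not an IP address: ' + addr);
  return mappedToV4(addr) || addr.toLowerCase();
}

// Expand an allowlist so each plain address appears in both forms, which is
// what the maintainer suggests doing by hand. CIDR entries pass through
// unchanged because the thread does not show how the filter treats them.
function expandAllowlist(ips) {
  const out = new Set();
  for (const entry of ips) {
    out.add(entry);
    if (net.isIPv4(entry)) out.add('::ffff:' + entry);
    else if (net.isIPv6(entry) && mappedToV4(entry)) out.add(mappedToV4(entry));
  }
  return [...out];
}

// Constructed sample values, reusing addresses quoted in the thread.
console.log(expandAllowlist(['192.168.1.140', '::1', '170.20.68.68/32']));
console.log(canonicalIp('::ffff:192.168.1.140'));
```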