Open wkcaj opened 10 years ago
ValdikSS
commented
10 years ago If there was IPv6 support in safecurl, it would be possible to get btc.txt with the current blacklists with http://[::1]/btc.txt. But since the code tries to resolve [::1] with gethostbynamel() and fails, it doesn't work.
ValdikSS
commented
10 years ago And don't forget about IPv4-IPv6 mapping via ::ffff:aaaa:bbbb
ValdikSS
commented
10 years ago Anyway, you should use dns_get_record() and resolve both A and AAAA records.
wkcaj
commented
10 years ago Great idea. This is something I'll work on tonight and hopefully get merged in.
mozfreddyb
commented
10 years ago For completeness' sake I'd like to mention the ip6-localnet, ip6-localhost ip6-loopback host names defined in /etc/hosts. But the current setup that checks the numerical IP shouldn't make it a bypass.
If you support IPv6 you'll have to block a lot of subnets and I'm not sure I remember all of them.
Maybe even those in 6to4 that imply private IP6 (e.g., 2002:quad1:quad2:quad3:quad4::) even though that highly depends on 6to4 routing and setup.
I found these docs useful resources once: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml and http://computernetworkingnotes.com/ipv6-features-concepts-and-configurations/special-ipv6-to-devices.html
mogul
commented
4 years ago Have you considered using PHP's filter_var() with appropriate flags?
Currently SafeCurl only supports IPv4.
This is due to the gethostbynamel function in PHP only supporting v4 addresses.
IPv6 support could be done via calls to
dig, however, this could be dangerous. Investigation needed.