6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"REMOTE_ADDR and IPv6 in PHP\",\"text\":\"

Is it safe to assume that $_SERVER['REMOTE_ADDR'] always returns a IPv4 address?

\\n\\n

Thanks!

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Alix Axel\"},\"upvoteCount\":21,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

The REMOTE_ADDR key is set by the web server, not PHP. If the web server listens on v6 and the user connects that way, it'll be a v6 address

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Michael Mrozek\"},\"upvoteCount\":27}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","apache",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/apache/1","children":"apache"}]}],["$","span","ip-address",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ip-address/1","children":"ip-address"}]}],["$","span","ipv6",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ipv6/1","children":"ipv6"}]}],["$","span","ipv4",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ipv4/1","children":"ipv4"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/be9e4cbcfa96b7e4ad4bc28c88cfdb2b?s=256&d=identicon&r=PG","alt":"Alix Axel","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/89771/alix-axel","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Alix Axel"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",154553]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"REMOTE_ADDR and IPv6 in PHP"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Is it safe to assume that $_SERVER['REMOTE_ADDR'] always returns a IPv4 address?

\n\n

Thanks!

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",21]}],["$","p",null,{"children":["Views: ",12866]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","21655808",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/wJ0mm.jpg?s=256","alt":"Elliptical view","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1483904/elliptical-view","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Elliptical view"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",3782]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

I have seen a bad IP address reported to php in REMOTE_ADDR from Apache 2.

\n\n

It was '183.60..244.37'.

\n\n

So the answer to your question, \"Is it safe to assume...\", I think is definitely no, REMOTE_ADDR can not be trusted.

\n\n

As far as I know it is reported to PHP from the server, in my case Apache. Why it was bad I am still trying to figure out. I do know this. It came in as part of a batch of attack requests. Sometimes it was 183.60.244.37 and sometimes it was 183.60..244.37.

\n\n

See also this.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","2619646",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/dd7e03fbbfcabd4675844173ec5390d2?s=256&d=identicon&r=PG","alt":"Michael Mrozek","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/309308/michael-mrozek","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Michael Mrozek"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",175395]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

The REMOTE_ADDR key is set by the web server, not PHP. If the web server listens on v6 and the user connects that way, it'll be a v6 address

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",27]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","12435582",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12435582","className":"text-blue-600 hover:underline","children":"PHP $_SERVER['REMOTE_ADDR'] shows IPv6"}]}],["$","li","45702698",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/45702698","className":"text-blue-600 hover:underline","children":"Converting IPv6 to IPv4 address in PHP"}]}],["$","li","444966",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/444966","className":"text-blue-600 hover:underline","children":"How to handle IPv6 Addresses in PHP?"}]}],["$","li","37540429",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37540429","className":"text-blue-600 hover:underline","children":"Calculate ipv6 cidr php"}]}],["$","li","34639205",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34639205","className":"text-blue-600 hover:underline","children":"REMOTE_ADDR returns 2 IPv4 instead of one"}]}],["$","li","10318702",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10318702","className":"text-blue-600 hover:underline","children":"IPV6 notation of $_SERVER['REMOTE_ADDR']"}]}],["$","li","19783763",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19783763","className":"text-blue-600 hover:underline","children":"ip4 and ip6 convert in different way"}]}],["$","li","13537136",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/13537136","className":"text-blue-600 hover:underline","children":"Get IPv6 in PHP"}]}],["$","li","12379584",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12379584","className":"text-blue-600 hover:underline","children":"PHP -> $_SERVER['REMOTE_ADDR' and Octects"}]}],["$","li","5380832",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5380832","className":"text-blue-600 hover:underline","children":"Detect IPv6 in PHP?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

REMOTE_ADDR and IPv6 in PHP

Answers (2)

Related Questions