[Catalyst] IPv6 client addresses

Matija Grabnar matija at serverflow.com
Mon Jan 14 19:38:40 GMT 2013


On 01/14/2013 08:13 PM, Bill Moseley wrote:
>
> Anyone already in a dual-stack environment?  Any other gotchas to 
> consider?
>
>
> I use $c->req->address to limit access -- for example to limit some 
> actions to our local LAN or for customers to limit access to our API 
> via a customer-supplied CIDR.
>
Last I checked, the development server in scripts/ was IPv4 only. Only 
if your script is being called from Apache or another dual-stack-supporting 
web server will you be seeing IPv6 accesses.

$c->req->address will return whichever address was used to access the 
server, either v4 or v6. Depending on the OS, the IPv4 address may be 
presented in IPv6 form (for example ::ffff:192.0.2.128 ).

If you're saving addresses, make sure you have enough space in your 
database to save either.

If you intend to, as you say, match addresses (for access or denial of 
access), know that exact matches probably will not be good enough. You 
will probably have to block entire /64s or more (think "address privacy 
extensions"). You should probably leave the size of the match configurable.

If you use geolocation or remote black lists, make sure they support 
IPv6, too (some do, some don't).

Other than that, I can't think of any gotchas.
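
An added example, not code from the post above or from Catalyst: one way to handle the three address points the message raises (IPv4-mapped forms, CIDR allow lists, and a configurable IPv6 match size), using only Perl's core Socket module. The names parse_addr, addr_in_cidr, block_key and @allow are hypothetical, and the sample addresses are constructed from documentation ranges to stand in for $c->req->address.

```perl
use strict;
use warnings;
use Socket qw(inet_pton inet_ntop AF_INET AF_INET6);

# Parse an address string into (bit length, packed bytes). An IPv4-mapped
# IPv6 address (::ffff:a.b.c.d) is unwrapped so it matches IPv4 rules.
sub parse_addr {
    my ($text) = @_;
    my $v4 = inet_pton(AF_INET, $text);
    return (32, $v4) if defined $v4;
    my $v6 = inet_pton(AF_INET6, $text);
    return unless defined $v6;
    # ::ffff:0:0/96 is ten zero bytes followed by 0xff 0xff
    return (32, substr($v6, 12)) if substr($v6, 0, 12) eq ("\0" x 10) . "\xff\xff";
    return (128, $v6);
}

# True if $addr lies inside $cidr ("network/length", written in its native
# family). An IPv4 client never matches an IPv6 rule and vice versa.
sub addr_in_cidr {
    my ($addr, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr, 2;
    my ($abits, $apacked) = parse_addr($addr) or return 0;
    my ($nbits, $npacked) = parse_addr($net)  or return 0;
    return 0 unless $abits == $nbits;
    $len = $nbits unless defined $len;
    return 0 unless $len =~ /\A\d+\z/ && $len <= $nbits;
    # Compare only the leading $len bits
    return substr(unpack('B*', $apacked), 0, $len)
        eq substr(unpack('B*', $npacked), 0, $len) ? 1 : 0;
}

# Key for a deny list: IPv4 stays exact, IPv6 is widened to $v6_prefix bits
# (default 64) so privacy-extension addresses in one subnet share an entry.
sub block_key {
    my ($addr, $v6_prefix) = @_;
    $v6_prefix = 64 unless defined $v6_prefix;
    return unless $v6_prefix =~ /\A\d+\z/ && $v6_prefix <= 128;
    my ($bits, $packed) = parse_addr($addr) or return;
    return inet_ntop(AF_INET, $packed) . '/32' if $bits == 32;
    my $kept = substr(unpack('B128', $packed), 0, $v6_prefix);
    my $masked = pack('B128', $kept . '0' x (128 - $v6_prefix));
    return inet_ntop(AF_INET6, $masked) . "/$v6_prefix";
}

# Constructed allow list and client addresses (documentation ranges)
my @allow = ('192.0.2.0/24', '2001:db8:1::/48');
for my $client ('192.0.2.128', '::ffff:192.0.2.128',
                '2001:db8:1:2:a1b2:c3d4:e5f6:789', '2001:db8:9::1') {
    printf "%-34s allowed=%d key=%s\n", $client,
        (grep { addr_in_cidr($client, $_) } @allow) ? 1 : 0, block_key($client);
}
```

A database column holding these values needs room for the longest textual IPv6 form, and the prefix passed to block_key is the configurable match size the message recommends.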




