1

I have an application that relies on IPV4 addresses. Recently, some requests are returning IPV6 addresses when calling request.remote_addr and that is breaking the app.

Is there any way to force and App Engine (Standard, Python) app to return only IPV4 addresses for remote IP's? Or is there any function to "map" or "project" IPV6 to IPV4? I do know that are different and the first has a higher number of combinations possible, se there is no way to 1-1 conversion.

My app case: We have several users under the same router connected to the WAN (public IP, returned by request.remote_addr property). I need to be able to check if the user request is in the same WAN IP address, I will process it. If the user makes a request outside of the LAN (from his cell phone or home) if the server detect that the remote IP is different, I will block the request.

I am not sure if two users with different local IP addresses under the same router connected to WAN will return the same IPV6 WAN address... If the IPV6 WAN address is the same for any user under the LAN, the app could work without trouble. Or if we can detect if two IPV6 addresses are on the same LAN and with same WAN access, that could also work.

We use other security and authentication techniques, this is only a brief and simple description of a very complex app, and this new feature doesn't have to be perfect.

Ying Li
  • 2,500
  • 2
  • 13
  • 37
Rene Marty
  • 531
  • 4
  • 14
  • 4
    You might want to read about the basics of IPv6 and fix your app. Also an IP (4 or 6) address is never suitable for security and authentication. – Klaus D. Mar 31 '18 at 15:59
  • 2
    You're making lots of assumptions that don't always work. In my house my external IPv4 address isn't always the same because of CGN, but my IPv6 prefix is pretty stable. While your assumptions may work for the majority of your users today, reality will definitely change. – Sander Steffann Mar 31 '18 at 16:16
  • 2
    You have to fix the application. You will get more and more IPv6 connections as time goes by and more people get access to IPv6. It seems you also need to learn the basics of IPv6. – Michael Hampton Mar 31 '18 at 16:59

1 Answers1

2

First of all, you really need to make sure your application works with IPv6; the change is IPv6 isn't random, it's necessary. If you don't account for IPv6 addresses, your application will not work with everyone (and the percentage of clients you won't work with will increase with time).

If you wish to check if an IPv6 address is on the same subnet as another, this question might help you out.

Ying Li
  • 2,500
  • 2
  • 13
  • 37