I like to check if an IP address is in a private network. It doesn't work.
My code:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
function _isPrivate($ip)
{
$i = explode('.', $ip);
if ($i[0] == 10) {
return true;
} else if ($i[0] == 172 && $i[1] > 15 && $i[1] < 32) {
return true;
} else if ($i[0] == 192 && $i[1] == 168) {
return true;
}
return false;
}
?>
The other one:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
function _isPrivate($ip)
{
$ip = ip2long($ip);
$net_a = ip2long('10.255.255.255') >> 24;
$net_b = ip2long('172.31.255.255') >> 20;
$net_c = ip2long('192.168.255.255') >> 16;
return $ip >> 24 === $net_a || $ip >> 20 === $net_b || $ip >> 16 === $net_c;
}
?>
Any help would be much appreciated, thanks!
function ip_is_private ($ip) {
$pri_addrs = array (
'10.0.0.0|10.255.255.255', // single class A network
'172.16.0.0|172.31.255.255', // 16 contiguous class B network
'192.168.0.0|192.168.255.255', // 256 contiguous class C network
'169.254.0.0|169.254.255.255', // Link-local address also refered to as Automatic Private IP Addressing
'127.0.0.0|127.255.255.255' // localhost
);
$long_ip = ip2long ($ip);
if ($long_ip != -1) {
foreach ($pri_addrs AS $pri_addr) {
list ($start, $end) = explode('|', $pri_addr);
// IF IS PRIVATE
if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) {
return true;
}
}
}
return false;
}
See http://mebsd.com/coding-snipits/check-private-ip-function-php.html
You might also want to check out about the private address spaces here
I think this should solve the problem.
filter_var used with the following validation rules will return false if the IP address is a private one.
$user_ip = '127.0.0.1';
filter_var(
$user_ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
)
Check the links above for the php documentation
...my 5 cents:
IMHO the underlying question is just "how to check if an IP address belongs to a network?".
The answer is simple binary: IP_address AND network_mask EQUALS network_address.
For example, Does IP address 10.1.2.3 belongs to network 10.0.0.0 with netmask 255.0.0.0? 10.1.2.3 & 255.0.0.0 is 10.0.0.0, so the answer is: yes it does.
Easier to see it in binary:
00001010 00000001 00000010 00000011 ( 10.1.2.3) ip address
& 11111111 00000000 00000000 00000000 (255.0.0.0) network mask
= 00001010 00000000 00000000 00000000 ( 10.0.0.0) network address
Just need to check that for the netwoks you need (including or not loopback, link-local, etc. ):
function _isPrivate($long_ip) {
return ( ($long_ip & 0xFF000000) === 0x0A000000 ) || //Private A network: 00001010 ....
( ($long_ip & 0xFFF00000) === 0xAC100000 ) || //Private B network: 10101100 0001....
( ($long_ip & 0xFFFF0000) === 0xC0A80000 ) || //Private C network: 11000000 10101000 ....
//Link-local and loopback are NOT private range, so the function in the question yield right results to "is in private range?". Seems it was not the desired behaviour... Those cases can also be checked:
( ($long_ip & 0xFFFF0000) === 0xA9FE0000 ) || //Link-local : 10101001 11111110 ....
( ($long_ip & 0xFFFF0000) === 0x7F000000 ) || //Loopback : 01111111 ....
//...and add all the fancy networks that you want...
( ($long_ip & 0xFFFFFF00) === 0xC0AF3000 ) || //Direct Delegation AS112 Service 192.175.48.0/24...
( ($long_ip & 0xF0000000) === 0xF0000000 ); //Reserved 240.0.0.0/4
}
The interesting point is the negation of the returned value. The returned value does not really means that the given IP is in a private network, but it's negation does really means that the given IP is a "public IP address" (a common/normal IP address) as the solution by user4880112 makes clear.
IPv6
The same works for IPv6. The "private network" adresses (formally "Unique-Local", RFC 4193 ) are "fc00::/7". So, ip_address & 0xFE00.. === 0xFC00.. is "private network"
Adopting the mentioned answer and including up-to-date information from IANA...
http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
...we can make a bit more general function like this:
function isPublicAddress($ip) {
// returns false on failure.
// negative if it's a private or special address (-4:IPv4, -16:IPv6)
// positive if it's a common IP public address (4:IPv4, 16:IPv6)
$networks = array(
'4' => array('0.0.0.0/8',
'10.0.0.0/8',
'100.64.0.0/10',
'127.0.0.0/8',
'169.254.0.0/16',
'172.16.0.0/12',
'192.0.0.0/24',
'192.0.0.0/29',
'192.0.0.8/32',
'192.0.0.9/32',
'192.0.0.170/32',
'192.0.0.170/32',
'192.0.2.0/24',
'192.31.196.0/24',
'192.52.193.0/24',
'192.88.99.0/24',
'192.168.0.0/16',
'192.175.48.0/24',
'198.18.0.0/15',
'198.51.100.0/24',
'203.0.113.0/24',
'240.0.0.0/4',
'255.255.255.255/32')
,
'16' => array('::1/128',
'::/128',
'::ffff:0:0/96',
'64:ff9b::/96',
'100::/64',
'2001::/23',
'2001::/32',
'2001:1::1/128',
'2001:2::/48',
'2001:3::/32',
'2001:4:112::/48',
'2001:5::/32',
'2001:10::/28',
'2001:20::/28',
'2001:db8::/32',
'2002::/16',
'2620:4f:8000::/48',
'fc00::/7',
'fe80::/10')
);
$ip = inet_pton($ip);
if( $ip === false ) return false;
$space='16';
if (strlen($ip) === 4) {
$space='4';
}
//Is the IP in a private or special range?
foreach($networks[$space] as $network) {
//split $network in address and mask
$parts=explode('/',$network);
$network_address = inet_pton($parts[0]);
$network_mask = inet_pton( _mask( $ip , $parts[1] ) );
if (($ip & $network_mask) === $network_address){
return -1*$space;
}
}
//Success!
return $space;
}
function _mask($ip,$nbits){
$mask='';
$nibble=array('0','8','C','E');
$f_s= $nbits >> 2 ;
if( $f_s > 0 ) $mask.=str_repeat('F',$f_s);
if( $nbits % 4 ) $mask.= $nibble[$nbits % 4];
if( strlen($ip) === 4 ){
if( strlen($mask) < 8 ) $mask.=str_repeat('0', 8 - strlen($mask) );
long2ip('0x'.$mask);
$mask=long2ip('0x'.$mask);
}else{
if( strlen($mask) < 32 ) $mask.=str_repeat('0', 32 - strlen($mask) );
$mask=rtrim(chunk_split($mask,4,':'),':');
}
return $mask;
}
What I'm wondering now is: an IPv6 address in "IPv4-mapped Address" is a "special" address in IPv6 even if it was a "normal" ip address in IPv4. Should we consider "private use" the subnets in ::ffff:0:0/96 that match IPv4 private use networks?
EDIT to explain the last coment:
The IPv6 network ::ffff:0:0/96 maps to an IPv6 address every IPv4 address. Those IPv6 address are in a single set in the IANA registry ("Special-Purpose"), but the mapped IPv4 address are in all kind of sets in IPv4 (private netwok, loopback, broadcast, public... ) A "common IPv4 address" is always a "special IPv6 address". If we set up a network using IPv6 address in ::ffff:0:0/96 range that match IPv4 private networks... Are we using a private network address?
Using inet_pton instead of ip2long, and including some of the more obscure private ranges:
function isPublicAddress($ip) {
//Private ranges...
//http://www.iana.org/assignments/iana-ipv4-special-registry/
$networks = array('10.0.0.0' => '255.0.0.0', //LAN.
'172.16.0.0' => '255.240.0.0', //LAN.
'192.168.0.0' => '255.255.0.0', //LAN.
'127.0.0.0' => '255.0.0.0', //Loopback.
'169.254.0.0' => '255.255.0.0', //Link-local.
'100.64.0.0' => '255.192.0.0', //Carrier.
'192.0.2.0' => '255.255.255.0', //Testing.
'198.18.0.0' => '255.254.0.0', //Testing.
'198.51.100.0' => '255.255.255.0', //Testing.
'203.0.113.0' => '255.255.255.0', //Testing.
'192.0.0.0' => '255.255.255.0', //Reserved.
'224.0.0.0' => '224.0.0.0', //Reserved.
'0.0.0.0' => '255.0.0.0'); //Reserved.
//inet_pton.
$ip = @inet_pton($ip);
if (strlen($ip) !== 4) { return false; }
//Is the IP in a private range?
foreach($networks as $network_address => $network_mask) {
$network_address = inet_pton($network_address);
$network_mask = inet_pton($network_mask);
assert(strlen($network_address) === 4);
assert(strlen($network_mask) === 4);
if (($ip & $network_mask) === $network_address)
return false;
}
//Success!
return true;
}
Basically @Mark Davidson's answer, but with bit math.
function isPrivate($szAddr) {
$nIP = ip2long($szAddr);
$arLocal = [
[ip2long('127.0.0.0'), 24],
[ip2long('10.0.0.0'), 24],
[ip2long('172.16.0.0'), 20],
[ip2long('192.168.0.0'), 16],
[ip2long('169.254.0.0'), 16],
];
foreach( $arLocal as $arP ) {
$maskLo = ~((1 << $arP[1]) - 1); // CREATE BIT MASK FROM NUMBER
if( ($nIP & $maskLo) === $arP[0] ) // BITWISE-AND, THEN COMPARE
return true;
}
return false;
}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 乱世女痞 的文章《Check if an IP address is private》','https://www.manongdao.com/article-161299.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}