NaviServer - programmable web server
4.99  5.0

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_ip(n) 5.0.0a naviserver "NaviServer Built-in Commands"

Name

ns_ip - Determine properties of IP addresses in the current configuration

Table Of Contents

Synopsis

Description

The command ns_ip is used to determine certain properties of IP addresses. It accepts as input IPv4 or IPv6 addresses and checks, for example, whether the address is valid, whether the IP is a public or trusted IP address, or whether it is in the range of a subnet specification in CIDR notation. https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

COMMANDS

ns_ip match cidr ipaddr

Validates the provided cidr (subnet) specification (IPv4 or IPv6 address followed by slash and number of significant bits) and the provided ipaddr and tests whether the IP address is in the implied range. The command returns a boolean value as the result. When comparing an IPv4 and IPv6 address/CIDR specification or vice versa, the result is always false.

ns_ip properties ipaddr

Returns a dict with the members "trusted", "public", and "type" for the provided ipaddr.

ns_ip public ipaddr

Tests if the provided ipaddr is a public IP address, i.e., reachable from the public Internet. This excludes e.g. loopback, private, link-local addresses and networks.

ns_ip trusted ipaddr

Tests if the provided ipaddr was defined as a trusted IP address for an upstream reverse proxy server in the used configuration file. This is important for running behind a reverse proxy server.

ns_ip valid ?-type ipv4|ipv6? ?--? ipaddr

Tests if the provided ipaddr is a valid IP address. With the optional ?-type? argument the result can be constraint further to check, if the address is an IPv4 or an IPv6 address.

EXAMPLES

 % ns_ip match 137.208.0.0/16 137.208.116.31
 1
 
 % ns_ip match 137.208.0.0/16 112.207.16.33
 0
 % ns_ip match 2001:628:404:74::31/64 [ns_conn peeraddr]
 ...
 
 # Is IP address a valid IPv6 address?
 % set ip [ns_conn peeraddr]
 % ns_ip valid -type ipv6 $ip
 % ns_ip match ::/0 $ip
 % string equal IPv6 [dict get [ns_ip properties $ip] type]
 
 # Is IP address a valid IPv4 address?
 % ns_ip valid -type ipv4 $ip
 % ns_ip match 0.0.0.0/0 $ip
 % string equal IPv4 [dict get [ns_ip properties $ip] type]

CONFIGURATION

 ns_section ns/parameters/reverseproxymode {
    ns_param enabled 1
    #
    # Define some address ranges of cloudflare as trusted sources
    # for the "x-forwarded-for" header field.
    #
    ns_param trustedservers {
       103.21.244.0/22
       104.24.0.0/14
       2400:cb00::/32
       2606:4700::/32
    }
    # ....
 }

See Also

ns_conn

Keywords

CIDR, IPv4, IPv6, behind reverse proxy, global built-in, reverse proxy, reverseproxymode, subnet, trustedservers