Please sign in to comment.
Add IPv6 support to TrustProxy and RobotIP; normalize remote_addr
In order to handle the masking of IPv6 addresses properly, we must first normalize the address to a full, expanded form. This ends up changing (potentially and probably) how the internal representation of $CGI::remote_addr is handled, due to expanding the address to its maximal representation, with all leading 0's included and no :: truncation present. This may have side effects to users who are relying on the logging of the IP address in various tables, as [data session ohost] will return a string which is 39 characters which may exceed some previous limitations in default character size. (In the Strap catalog, this includes the pay_certs_lock table and there are likely many other custom logging solutions for IP which might need to be expanded.) Additionally, because this normalization is done prior to session initialization, it is likely that any existing IPv6 sessions could drop due to a different internal MV_SESSION_ID representation. Rollout of this should be coordinated to be at a convenient time, or one could write a script to process/link all session files which could be affected to include the IPv6 as a hard link to the new session file. The CIDR representation for IPv6 does not need to be in the normalized form, as it will expand automatically. You will also be able to intermix both IPv4 and IPv6 entries for each directive type.
- Loading branch information...
Showing with 145 additions and 7 deletions.