[HttpFoundation] Add IpUtils::isPrivateIp #49726
Conversation
carsonbot
changed the title
There was a problem hiding this comment.
Yes, providing a way to check if an IP address is public or private is a good idea and should be included in the framework. You would use the constant like this?
IpUtils::checkIp($ip, IpUtils::PRIVATE_SUBNETS);I wonder if we shouldn't add a new public method instead: it would be more intuitive for users. This would allow for more logic in the future if needed and prevent potential confusion. Developers who are not familiar with network ranges may not understand the purpose of the constant or how it should be used, which could lead to security errors in their code.
Something along the lines of the following could be added: IpUtils::isPrivateIp(string $requestIp)If we can agree that the method should be added, I will add it to the PR. I don't know too much about network ranges but I should be able to reuse the tests from the |
danielburger1337
changed the title
|
Thank you @danielburger1337. |
This PR was squashed before being merged into the 6.3 branch. Discussion ---------- Add IpUtils::isPrivateIp docs References symfony/symfony#49726 Commits ------- 990596e Add IpUtils::isPrivateIp docs
This is only my second PR for this project, so I hope I followed all the guidelines correctly.
Recently I had more and more use cases where I had to make exceptions (mostly rate limiting) for private IP ranges.
Symfony currently does not provide an easy way to check if an IP is private or public but implements such logic internally (private constant) for the NoPrivateNetworkHttpClient.
This PR intents to make the private subnet list reusable by adding it to IpUtils.
In the original PR of the NoPrivateNetworkHttpClient it was also briefly mentioned that this constant may have value when made public. #35566 (comment)
I think symfony should and always should have exposed this constant.