PHP 上的客户端 IPv6 但节点服务器上的 IPv4 - 需要它们相同

Question

I am running into an issue in relation to security and verification. I have a software that checks to confirm a user, and I need to make sure it's the same client sending a PHP request and a node server request. However, on the node server, the client's IP is shown in IPv4, and on the PHP it is shown in IPv6. Is there any way I can get the same output somewhere, for example extract the IPv6 on the node server, or the IPv4 on the PHP server? Thanks.

Obtaining the same IP or verifying that it is the same client despite a "different" IPv4 and IPv6

Answer 1

The problem is that IPv6 and IPv4 are not coupled in any way. There's no way to deduce a v6 address from the v4 address or the other way around.

In my humble opionion, verifying users by their IP addresses is something you should avoid as IP addresses are spoofable , and the practice leads to these kind of issues. That said, there are a couple of "solutions".

• Disable IPv6 on the webserver that's hosting the PHP application. Since you haven't mentioned which type of webserver this is, you should be able to google something like 'disable ipv6 apache' on how to achieve this. This should garantuee an identical IPv4 address on both servers. I personally don't particularly like this solution as it hinders IPv6 adoption.

• Enable IPv6 on the node server . Please note that clients can still prefer IPv4 over IPv6 for any reason at all and there's no way to garantuee that it will use IPv6 to both webservers.

• You could proxy all calls from one webserver to the other and pass the original IP in for example an 'X-Forwarded-For' header. This will introduce some overhead, but the source IP will be stabler.

• Personally, I'd shy away from using the IP address and implement some sort of token stored on the client that can be verified on both servers by means of a shared database if that is an option.