Check if an IP address is private
Question
I like to check if an IP address is in a private network. It doesn't work.
My code:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
function _isPrivate($ip)
{
$i = explode('.', $ip);
if ($i[0] == 10) {
return true;
} else if ($i[0] == 172 && $i[1] > 15 && $i[1] < 32) {
return true;
} else if ($i[0] == 192 && $i[1] == 168) {
return true;
}
return false;
}
?>
The other one:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
function _isPrivate($ip)
{
$ip = ip2long($ip);
$net_a = ip2long('10.255.255.255') >> 24;
$net_b = ip2long('172.31.255.255') >> 20;
$net_c = ip2long('192.168.255.255') >> 16;
return $ip >> 24 === $net_a || $ip >> 20 === $net_b || $ip >> 16 === $net_c;
}
?>
Any help would be much appreciated, thanks!
6 answers
solution1
93 2012-12-11 10:48:25
I think this should solve the problem.
filter_var used with the following validation rules will return false if the IP address is a private one.
$user_ip = '127.0.0.1';
filter_var(
$user_ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
)
Check the links above for the php documentation
solution2
31 ACCPTED 2012-12-11 10:19:42
function ip_is_private ($ip) {
$pri_addrs = array (
'10.0.0.0|10.255.255.255', // single class A network
'172.16.0.0|172.31.255.255', // 16 contiguous class B network
'192.168.0.0|192.168.255.255', // 256 contiguous class C network
'169.254.0.0|169.254.255.255', // Link-local address also refered to as Automatic Private IP Addressing
'127.0.0.0|127.255.255.255' // localhost
);
$long_ip = ip2long ($ip);
if ($long_ip != -1) {
foreach ($pri_addrs AS $pri_addr) {
list ($start, $end) = explode('|', $pri_addr);
// IF IS PRIVATE
if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) {
return true;
}
}
}
return false;
}
See http://mebsd.com/coding-snipits/check-private-ip-function-php.html
You might also want to check out about the private address spaces here
solution3
5 2020-03-31 16:56:39
Ok this is 7 years old post. But I thought I can share my solution, so that maybe someone somewhere somehow might find it helpful.
My solution is based on the builtin PHP filter_var() function. Which means I do not have to pre-define all the private ranges or the reserved ones every single time I need to validate a given value. Or loop through the ranges. Instead I let PHP worries about it for me.
class IP
{
static public function is_ip($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6
) === $ip ? TRUE : FALSE;
}
static public function is_ipv4($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4
) === $ip ? TRUE : FALSE;
}
static public function is_ipv6($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV6
) === $ip ? TRUE : FALSE;
}
static public function is_public_ip($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) === $ip ? TRUE : FALSE;
}
static public function is_public_ipv4($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) === $ip ? TRUE : FALSE;
}
static public function is_public_ipv6($ip=NULL) : bool
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) === $ip ? TRUE : FALSE;
}
static public function is_private_ip($ip=NULL) : bool
{
return self::is_ip($ip) && !self::is_public_ip($ip);
}
static public function is_private_ipv4($ip=NULL) : bool
{
return self::is_ipv4($ip) && !self::is_public_ipv4($ip);
}
static public function is_private_ipv6($ip=NULL) : bool
{
return self::is_ipv6($ip) && !self::is_public_ipv6($ip);
}
}
It allows you to validate the given value in general whether or not it is an IP. or be more specific about it. you can validate the following types:
- IP
- IPv4
- IPv6
- public IP
- public IPv4
- public IPv6
- private IP
- private IPv4
- private IPv6
let's test it:
$arr = array(
'127.0.0.0', '127.0.0.1', '127.1.2.3', '127.1.2.255',
'192.168.0.0', '192.168.0.1', '192.168.2.3', '192.168.2.255',
'172.16.0.0', '172.16.0.1', '172.16.2.3', '172.16.2.255',
'172.19.0.0', '172.19.0.1', '172.19.2.3', '172.19.2.255',
'10.0.0.0', '10.0.0.1', '10.0.2.3', '10.0.2.255',
'10.5.0.0', '10.5.0.1', '10.5.2.3', '10.5.2.255',
'8.8.8.8', '8.8.4.4', '255.255.255',
'182.168.1.300', '256.1.2.3', '0.500.0.0',
'I am not an IP', NULL, '185.128.72.151'
);
foreach ($arr as $item) {
echo "$item --> " . (IP::is_private_ip($item) === TRUE ? 'is private' : 'is NOT private or NOT an IP') . PHP_EOL;
}
solution4
3 2016-04-16 16:48:21
...my 5 cents:
IMHO the underlying question is just "how to check if an IP address belongs to a network?".
The answer is simple binary: IP_address AND network_mask EQUALS network_address.
For example, Does IP address 10.1.2.3 belongs to network 10.0.0.0 with netmask 255.0.0.0? 10.1.2.3 & 255.0.0.0 is 10.0.0.0, so the answer is: yes it does.
Easier to see it in binary:
00001010 00000001 00000010 00000011 ( 10.1.2.3) ip address
& 11111111 00000000 00000000 00000000 (255.0.0.0) network mask
= 00001010 00000000 00000000 00000000 ( 10.0.0.0) network address
Just need to check that for the netwoks you need (including or not loopback, link-local, etc. ):
function _isPrivate($long_ip) {
return ( ($long_ip & 0xFF000000) === 0x0A000000 ) || //Private A network: 00001010 ....
( ($long_ip & 0xFFF00000) === 0xAC100000 ) || //Private B network: 10101100 0001....
( ($long_ip & 0xFFFF0000) === 0xC0A80000 ) || //Private C network: 11000000 10101000 ....
//Link-local and loopback are NOT private range, so the function in the question yield right results to "is in private range?". Seems it was not the desired behaviour... Those cases can also be checked:
( ($long_ip & 0xFFFF0000) === 0xA9FE0000 ) || //Link-local : 10101001 11111110 ....
( ($long_ip & 0xFFFF0000) === 0x7F000000 ) || //Loopback : 01111111 ....
//...and add all the fancy networks that you want...
( ($long_ip & 0xFFFFFF00) === 0xC0AF3000 ) || //Direct Delegation AS112 Service 192.175.48.0/24...
( ($long_ip & 0xF0000000) === 0xF0000000 ); //Reserved 240.0.0.0/4
}
The interesting point is the negation of the returned value. The returned value does not really means that the given IP is in a private network, but it's negation does really means that the given IP is a "public IP address" (a common/normal IP address) as the solution by user4880112 makes clear.
IPv6
The same works for IPv6. The "private network" adresses (formally "Unique-Local", RFC 4193 ) are "fc00::/7". So, ip_address & 0xFE00.. === 0xFC00.. is "private network"
Adopting the mentioned answer and including up-to-date information from IANA...
http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
...we can make a bit more general function like this:
function isPublicAddress($ip) {
// returns false on failure.
// negative if it's a private or special address (-4:IPv4, -16:IPv6)
// positive if it's a common IP public address (4:IPv4, 16:IPv6)
$networks = array(
'4' => array('0.0.0.0/8',
'10.0.0.0/8',
'100.64.0.0/10',
'127.0.0.0/8',
'169.254.0.0/16',
'172.16.0.0/12',
'192.0.0.0/24',
'192.0.0.0/29',
'192.0.0.8/32',
'192.0.0.9/32',
'192.0.0.170/32',
'192.0.0.170/32',
'192.0.2.0/24',
'192.31.196.0/24',
'192.52.193.0/24',
'192.88.99.0/24',
'192.168.0.0/16',
'192.175.48.0/24',
'198.18.0.0/15',
'198.51.100.0/24',
'203.0.113.0/24',
'240.0.0.0/4',
'255.255.255.255/32')
,
'16' => array('::1/128',
'::/128',
'::ffff:0:0/96',
'64:ff9b::/96',
'100::/64',
'2001::/23',
'2001::/32',
'2001:1::1/128',
'2001:2::/48',
'2001:3::/32',
'2001:4:112::/48',
'2001:5::/32',
'2001:10::/28',
'2001:20::/28',
'2001:db8::/32',
'2002::/16',
'2620:4f:8000::/48',
'fc00::/7',
'fe80::/10')
);
$ip = inet_pton($ip);
if( $ip === false ) return false;
$space='16';
if (strlen($ip) === 4) {
$space='4';
}
//Is the IP in a private or special range?
foreach($networks[$space] as $network) {
//split $network in address and mask
$parts=explode('/',$network);
$network_address = inet_pton($parts[0]);
$network_mask = inet_pton( _mask( $ip , $parts[1] ) );
if (($ip & $network_mask) === $network_address){
return -1*$space;
}
}
//Success!
return $space;
}
function _mask($ip,$nbits){
$mask='';
$nibble=array('0','8','C','E');
$f_s= $nbits >> 2 ;
if( $f_s > 0 ) $mask.=str_repeat('F',$f_s);
if( $nbits % 4 ) $mask.= $nibble[$nbits % 4];
if( strlen($ip) === 4 ){
if( strlen($mask) < 8 ) $mask.=str_repeat('0', 8 - strlen($mask) );
long2ip('0x'.$mask);
$mask=long2ip('0x'.$mask);
}else{
if( strlen($mask) < 32 ) $mask.=str_repeat('0', 32 - strlen($mask) );
$mask=rtrim(chunk_split($mask,4,':'),':');
}
return $mask;
}
What I'm wondering now is: an IPv6 address in "IPv4-mapped Address" is a "special" address in IPv6 even if it was a "normal" ip address in IPv4. Should we consider "private use" the subnets in ::ffff:0:0/96 that match IPv4 private use networks?
EDIT to explain the last coment:
The IPv6 network ::ffff:0:0/96 maps to an IPv6 address every IPv4 address. Those IPv6 address are in a single set in the IANA registry ("Special-Purpose"), but the mapped IPv4 address are in all kind of sets in IPv4 (private netwok, loopback, broadcast, public... ) A "common IPv4 address" is always a "special IPv6 address". If we set up a network using IPv6 address in ::ffff:0:0/96 range that match IPv4 private networks... Are we using a private network address?
solution5
1
Using inet_pton instead of ip2long, and including some of the more obscure private ranges:
function isPublicAddress($ip) {
//Private ranges...
//http://www.iana.org/assignments/iana-ipv4-special-registry/
$networks = array('10.0.0.0' => '255.0.0.0', //LAN.
'172.16.0.0' => '255.240.0.0', //LAN.
'192.168.0.0' => '255.255.0.0', //LAN.
'127.0.0.0' => '255.0.0.0', //Loopback.
'169.254.0.0' => '255.255.0.0', //Link-local.
'100.64.0.0' => '255.192.0.0', //Carrier.
'192.0.2.0' => '255.255.255.0', //Testing.
'198.18.0.0' => '255.254.0.0', //Testing.
'198.51.100.0' => '255.255.255.0', //Testing.
'203.0.113.0' => '255.255.255.0', //Testing.
'192.0.0.0' => '255.255.255.0', //Reserved.
'224.0.0.0' => '224.0.0.0', //Reserved.
'0.0.0.0' => '255.0.0.0'); //Reserved.
//inet_pton.
$ip = @inet_pton($ip);
if (strlen($ip) !== 4) { return false; }
//Is the IP in a private range?
foreach($networks as $network_address => $network_mask) {
$network_address = inet_pton($network_address);
$network_mask = inet_pton($network_mask);
assert(strlen($network_address) === 4);
assert(strlen($network_mask) === 4);
if (($ip & $network_mask) === $network_address)
return false;
}
//Success!
return true;
}
solution6
0 2018-01-08 07:44:51
Basically @Mark Davidson's answer, but with bit math.
function isPrivate($szAddr) {
$nIP = ip2long($szAddr);
$arLocal = [
[ip2long('127.0.0.0'), 24],
[ip2long('10.0.0.0'), 24],
[ip2long('172.16.0.0'), 20],
[ip2long('192.168.0.0'), 16],
[ip2long('169.254.0.0'), 16],
];
foreach( $arLocal as $arP ) {
$maskLo = ~((1 << $arP[1]) - 1); // CREATE BIT MASK FROM NUMBER
if( ($nIP & $maskLo) === $arP[0] ) // BITWISE-AND, THEN COMPARE
return true;
}
return false;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.