Web Software Architecture and Engineering – Life on the Bleeding Edge

As you may know, recently I wrote a cgi facade. In that facade, we check for certain headers, and prefer them over CGI.REMOTE_ADDR, which may be incorrect if a proxy is involved.
Well, I assumed that the proxies configured to send those headers would be doing so correctly. Turns out, one of our new clients, and unnamed government entity was passing bogus data using Squid. Did I mention I hate Squid?
Anyways, so after quickly looking at the bad data, I decided to add a simple check to see if the data is a valid IP (IPv4). Lo and behold, what I found out there was inconsistent in validating for IPv4.
I started at CFLib, where I found the IsIP UDF written by Nathan Dintenfass.
Second, I found a CF Function called validIpAddress written by Wil Genovese. It uses Regex to find a valid IP.
Third, I found a undocumented, in-built CF method that supposedly validates IPs, in a blog post by Anuj Gakhar.
And last, Joseph Lamoree, my co-worker, looked up an old UDF he had written called isIPV4.
I ran a series of tests against all 4, and here is what I found:
IP: 0.1.1.1
Check using isIP UDF: true
Check using validIPAddress: true
Check using Internal CF:
* validateIPAdress: YES
* validateIPv4Address: YES
* validateIPv6Address: NO
Using Joseph’s UDF: false
IP: 0.0.0.0
Check using isIP UDF: false
Check using validIPAddress: false
Check using Internal CF:
* validateIPAdress: YES
* validateIPv4Address: YES
* validateIPv6Address: NO
Using Joseph’s UDF: false
IP: 255.255.255.255
Check using isIP UDF: false
Check using validIPAddress: false
Check using Internal CF:
* validateIPAdress: YES
* validateIPv4Address: YES
* validateIPv6Address: NO
Using Joseph’s UDF: false
IP: 192.168.0.0
Check using isIP UDF: true
Check using validIPAddress: false
Check using Internal CF:
* validateIPAdress: YES
* validateIPv4Address: YES
* validateIPv6Address: NO
Using Joseph’s UDF: false
And finally, IP: 127.0.0.1
Check using isIP UDF: true
Check using validIPAddress: false
Check using Internal CF:
* validateIPAdress: YES
* validateIPv4Address: YES
* validateIPv6Address: NO
Using Joseph’s UDF: true
As you can see, Joseph’s simple UDF really shined, and the Internal CF methods acted weird. The other functions were inconsistent.
I can understand the difference between validation according to standards set by a RFC and looking for real-world IP. I was surprised there isn’t someone who had posted something rock-solid before for ColdFusion without getting heavy into Java like CFDNS.
Here is the code I used: http://pastebin.com/TgnSG7iL.

Advertisements

Comments on: "Real-world check for Is IP Valid using ColdFusion. 4 Techniques Examined." (4)

  1. @Sami – Thank you for mentioning my solution for validating IP addresses. The first thing you should have noticed was that the function I wrote was not to validate IP addresses but was instead meant to restrict certain blocks of IP addresses from being used. I had a very specific criteria to meet and my function does just that. It is not meant as a generic IP Address Validation function.

    Thank you,
    Wil

  2. @Wil,

    Yeah, thats good to note. Thanks!

  3. The validateIPv4Address method is the only one returning correct results here. Joseph’s method is wrong in all of these cases where it returns false.

    You seem to want to filter out multicast/broadcast and network addresses that can’t be assigned to hosts. That’s an entirely different matter from just validating if an address is valid according to the IPv4 spec.

  4. Yeah, its definitely real world IPv4 addresses.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: