On 01/14/2013 08:13 PM, Bill Moseley wrote:
Anyone already in a dual-stack environment? Any other gotchas to
consider?
I use $c->req->address to limit access -- for example to limit some
actions to our local LAN or for customers to limit access to our API
via a customer-supplied CIDR.
Last I checked, the development server in scripts/ was IPv4 only. Only
if your script is being called from Apache or other dual-stack
supporting web server will you be seeing IPv6 accesses.
$c->req->address will return whichever address was used to access the
server, either v4 or v6. Depending on the OS, the IPv4 address may be
presented in IPv6 form (for example ::ffff:192.0.2.128 ).
If you're saving addresses, make sure you have enough space in your
database to save either.
If you intend to, as you say, match addresses (for access or denial of
access), know that exact matches probably will not be good enough. You
will probably have to block entire /64s or more (think "address privacy
extensions"). You should probably leave the size of the match configurable.
If you use geolocation or remote black lists, make sure it supports
IPv6, too (some do, some don't).
Other than that, I can't think of any gotchas.
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
