Client IPv6 on PHP but IPv4 on node server - need them to be the same

Question

I'm experiencing an issue related to security and authentication. I have a software that checks to confirm the user, and I need to make sure it's the same client sending the PHP request and the node server request. However, on the node server, the client's IP is displayed as IPv4, while on PHP it is displayed as IPv6. Is there any way to get the same output somewhere, like extracting IPv6 on a node server or extracting IPv4 on a PHP server? Thanks.

Get the same IP or verify if it is the same client even though IPv4 and IPv6 are "different"

Answer 1

The problem is that IPv6 and IPv4 are not coupled in any way. It is not possible to infer a v6 address from a v4 address or vice versa.

In my humble opinion, you should avoid authenticating users by IP address as IP addresses are spoofed and this practice can lead to issues like this. That said, there are several "solutions".

• Disable IPv6 on the web server hosting the PHP application. Since you didn't mention what type of web server this is, you should be able to google something like "disable ipv6 apache" to find out how to achieve this. This should ensure that the IPv4 addresses on both servers are the same. I personally don't like this solution as it hinders the adoption of IPv6.

• Enable IPv6 on node server. Note that a client may still prefer IPv4 to IPv6 for any reason, and there is no guarantee that it will use IPv6 for both network servers.

• You can proxy all calls from one webserver to another, passing the original IP in the "X-Forwarded-For" header. This will introduce some overhead, but the source IP will be more stable.

• Personally, I would avoid using IP addresses and implement some kind of token that is stored on the client and can be verified on both servers via a shared database if possible.