Testing if IP is within a CIDR Range

I recently wrote a blog entry about using a third-party Java library to standardize IPv4 & IPv6 IP addresses using ColdFusion.

The Apache Commons Java library (that is built into ColdFusion) was previously the solution that we used to determine if an IPv4 address is within a CIDR Range… but that was when all our IP-related data was strictly IPv4. Now that we’re leveraging a cloud WAF provider that provides us with a true remote IP address (some are IPv6), we need to consider this when logging or applying access rules so we’re not just blindly logging our gateway’s IP address. (NOTE: We’re now in the process of migrating to a third WAF/CDN provider as the first two companies that we partnered with declared chapter 11. SMH)

For more info, Ben Nadal has an article from 2018 entitled “Checking To See If An IP v4 Address Is In A CIDR Range Using ColdFusion And SubnetUtils“.

If you wanted to test whether an IPv6 IP is within an IPv6 CIDR range, it can’t be done natively with ColdFusion (to my knowledge) and requires using a third-party like the jgonian commons ip math java library.

For more info, Ben Nadal has an article from 2018 entitled “Using Commons IP Math To Check If An IP Address Exists In An IPv4 Or IPv6 CIDR Range In ColdFusion“.

I started using the seancfoley IPAddress Java library because:

  • it validates IPv4/IPv6 IP addresses
  • it converts an IP string to binary object (for database storage & better indexed queries)
  • it converts a binary object to an IP string
  • it normalizes the IPv6 string (since the IPv6 syntax can assume different abbreviated formats)
  • it tests if an IPv4/IPv6 address is within a CIDR range
  • it’s used by Akamai, Amazon, Atlassian, ATT, Cisco, Citibank, Comcast, Disney, Evernote, Fortinet, Google, Hulu, IBM, ICANN, Microsoft, MongoDB, Netflix, NIST, Oracle, Spotify… and more… including my ColdFusion applications!

We’re only performing the above functions (so far), but the library supports many functions with lots of java code examples demonstrating conversion, subnetting, matching/comparing and creating/parsing functionality.

Here’s a CFML proof-of-concept code that will accept a CIDR range and identify whether an IPv4 or IPv6 address is within that range. Enjoy!

Source Code

https://gist.github.com/JamoCA/6cee1fae80e25a83be13a840621d1b9d

原文链接:Testing if IP is within a CIDR Range

© 版权声明
THE END
喜欢就支持一下吧
点赞15 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容