[mod_python] weird request.connection.remote_ip value

Graham Dumpleton grahamd at dscpl.com.au
Sat Jul 8 23:05:11 EDT 2006 

On 09/07/2006, at 12:48 PM, David Harvey wrote:

>
> On Jul 8, 2006, at 10:38 PM, Graham Dumpleton wrote:
>
>>
>> On 09/07/2006, at 12:13 PM, David Harvey wrote:
>>
>>> I'm running mod_python 3.2.8 on Mac OS 10.4.6, python 2.4.3,  
>>> apache 2.2.2, on my desktop machine.
>>>
>>> I've got apache set up to load this script:
>>>
>>> ========================= begin
>>>
>>> from mod_python import apache
>>>
>>> def handler(request):
>>>     request.write(request.connection.remote_ip)
>>>     return apache.OK
>>>
>>> ========================= end
>>>
>>> When I browse to "http://127.0.0.1/", the script prints out  
>>> "127.0.0.1" as expected.
>>>
>>> If I connect from a local network, e.g. to "http://192.168.0.6/"  
>>> it prints out "192.168.0.4" (the address of the other machine) as  
>>> expected.
>>>
>>> But when I browse to "http://localhost/" from this machine, it  
>>> prints "::1".
>>>
>>> What does "::1" mean? Why isn't it giving me an IP address?  
>>> Shouldn't I be getting "127.0.0.1" as above? How can I guarantee  
>>> to get an IP address?
>>
>> This field is populated by apr_sockaddr_ip_get() in Apache Runtime  
>> library. The field
>> can be populated with either IPv4 or IPv6 addresses. On a Mac,  
>> when you use the
>> string "localhost" it is as far as I know actually using an IPv6  
>> connection to Apache and
>> "::1" is what the Mac is using to identify that IPv6 client.
>>
>> What do you want the remote IP address for? Depending on what you  
>> want to do,
>> there may be better ways of doing it.
>>
>> Graham
>
> Basically I want to use it as a temporary username for anonymous  
> visitors who haven't registered for an account. Kind of like how  
> wikipedia does. I was just a bit concerned when I saw "::1", it  
> made me feel that using remote_ip is not a particularly reliable  
> way to get the request IP address. Do you have any other suggestions?

What happens if you have two visitors from the same remote machine?  
You might
be better off having the server side generate a random ID which is  
saved back to
the client browser using cookies. You might even use session objects  
and the session
SID then becomes the ID in some way. Am sure others will suggest  
perhaps more
secure ways of doing it.

Graham

More information about the Mod_python mailing list