Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

icanhazip.com broken on ipv4 IP updates #635

Open
reaperhulk opened this issue Mar 1, 2024 · 6 comments
Open

icanhazip.com broken on ipv4 IP updates #635

reaperhulk opened this issue Mar 1, 2024 · 6 comments

Comments

@reaperhulk
Copy link

It appears that Cloudflare (who hosts icanhazip.com) recently updated their Set-Cookie headers to include a substring that matches the IPv4 regex. This is not always present as of this writing, but the vast majority of responses include it.

Example response:

RECEIVE:  Set-Cookie: __cf_bm=2xnVOVFwaGV_.05NtWe659KpXPz8R5ZvmGa5wjiWX_U-1709330132-1.0.1.1-cXaXzBbLD.ZvArvSQmhhU3Z3cH_Fss4F..Yy3Kp1tkUXG0Kcql5NZTELMCYc0yKsCaoZ7rbRZr3e7.0zcgwOXw; path=/; expires=Fri, 01-Mar-24 22:25:32 GMT; domain=.icanhazip.com; HttpOnly; SameSite=None

Since the extract_ipv4 function searches for the "first valid IPv4 address in the given string" and the string includes the headers, this causes it to set the IP to 1.0.1.1 rather than the returned value in the body of the HTTP response.

IPv6 is unaffected since the regex doesn't match, but the same potential for future issues is present.
@LenardHess
Copy link
Contributor

One way to work around this is using the web-skip parameter to skip part of the reply. I tried setting it to \n\n to skip the HTTP headers and it worked for me:

$ ddclient -query -web ipv4.icanhazip.com -web-skip='\n\n'
----- Test_possible_ip with 'get_ip' -----
...
use=web, web=ipv4.icanhazip.com address is 84.xxx.xxx.xxx
...

It might make sense to change the default skip value to that. I'd assume most IP querying sites will return the IP in the HTTP body, not the headers - and IPs in headers could always happen.

@taumataa
Copy link

taumataa commented Mar 3, 2024

Thank you for that @LenardHess
Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify?
I've added web-skip to the following line to no avail:
use=web, web=https://ipv4.icanhazip.com, web-skip='\n\n'

@mattlunn
Copy link

mattlunn commented Mar 4, 2024

Thank you for that @LenardHess Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify? I've added web-skip to the following line to no avail: use=web, web=https://ipv4.icanhazip.com, web-skip='\n\n'

I couldn't get this to work with the ddclient.conf file, so ended up swapping to use https://api.ipify.org/ instead;

use=web, web=api.ipify.org

@spencerhughes
Copy link

I just wanted to chime in and say that I also experienced this issue; it gave me a tiny heart attack because 1.0.1.1 seems to be a Chinese IP and I'd thought my security had been compromised.

@DMBuce
Copy link

DMBuce commented Mar 6, 2024

Would I need to modify the /etc/ddclient.conf file to apply this solution and if so, what would I need to modify?

I was able to add web-skip to ddclient.conf by escaping the backslashes:

use=web
web=https://icanhazip.com
web-skip='\\n\\n'

@jpsimard-nyx
Copy link

jpsimard-nyx commented May 7, 2024
edited

I prefer handling the content directly rather than relying on potentially volatile patterns in this scenario :

use=cmd, cmd='curl -fs https://ipv4.icanhazip.com'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@reaperhulk @mattlunn @DMBuce @taumataa @jpsimard-nyx @spencerhughes @LenardHess