IP Address Validation in Python — IPv4 & IPv6 Type Detection

1. Why IP address validation matters

IP addresses are fundamental to every networked application. You encounter them in firewall rules, access control lists, rate limiting, geolocation lookups, audit logs, and API allow/deny lists. Accepting an invalid or misclassified IP address can open security holes, break routing logic, or produce misleading analytics.

Security — Firewalls and WAFs rely on accurate IP classification. Treating a public IP as private (or vice versa) can accidentally expose internal services or block legitimate users. If your application accepts user-supplied IP addresses (e.g., for allow-listing), you need to verify that they are syntactically valid and correctly classified.

Access control — Many applications restrict access based on IP ranges. Admin panels might only be accessible from private network addresses, while webhooks must come from known public IPs. Misidentifying an address type breaks these policies.

Geolocation — IP-to-location services only work with public addresses. Passing a private, loopback, or link-local address to a geolocation API returns meaningless results. Detecting the address type before the lookup saves API calls and avoids data quality issues.

Logging and analytics — Storing normalized, validated IP addresses ensures consistent log formats and accurate aggregation. An IPv6 address can be written in many equivalent forms — without normalization, the same address appears as multiple distinct entries in your analytics.

2. IPv4 vs IPv6 — the two standards

The Internet uses two IP address formats that look completely different and have different validation rules.

3. IP address types and reserved ranges

Not all IP addresses are created equal. Various ranges are reserved for specific purposes, and knowing the type is critical for security and routing decisions.

4. Why simple regex fails

The first instinct is to reach for a regular expression. Something like this:

import re

# A common (but broken) IPv4 regex
ipv4_regex = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")

# Looks like it works:
ipv4_regex.match("192.168.1.1")     # match ✓
ipv4_regex.match("8.8.8.8")         # match ✓

# But accepts invalid addresses:
ipv4_regex.match("999.999.999.999") # match ✗  (octets > 255)
ipv4_regex.match("01.02.03.04")     # match ✗  (leading zeros — octal in some parsers)
ipv4_regex.match("192.168.001.001") # match ✗  (leading zeros)

# And tells you nothing about:
# - Is it private or public?
# - Is it a loopback address?
# - What's the normalized form?

IPv6 is even harder — the compressed notation with :: makes regex validation practically impossible to get right:

# IPv6 regex is notoriously complex and fragile
ipv6_regex = re.compile(r"^[0-9a-fA-F:]+$")

# Accepts garbage:
ipv6_regex.match(":::::::")          # match ✗  (not valid)
ipv6_regex.match("gggg::1")         # no match ✓ (but a stricter regex might miss edge cases)

# Cannot handle:
# - IPv4-mapped addresses (::ffff:192.168.1.1)
# - Multiple :: in the same address (invalid but hard to detect)
# - Zone IDs (fe80::1%eth0)
# - Whether the address is global-unicast vs link-local vs multicast

The fundamental issue is that IP address validation requires semantic understanding, not just syntactic pattern matching. You need to verify that octets are in range, that :: appears at most once, that IPv4-mapped suffixes are valid, and then classify the address into its correct type. A regex cannot do all of this reliably.

5. The right solution: one API call

The IsValid IP Address API validates both IPv4 and IPv6 addresses in a single GET request. It handles format validation, version detection, type classification, and normalization — and returns the expanded form for IPv6 addresses.

Pass any IP address string — IPv4 or IPv6, compressed or expanded — and the API returns the validated, classified, and normalized result.

Full parameter reference and response schema: IP Address Validation API docs →

6. Python code example

Using the isvalid-sdk Python SDK or the popular requests library. Install with pip install isvalid-sdk or pip install requests.

# ip_validator.py
import os
from isvalid_sdk import IsValidConfig, create_client

iv = create_client(IsValidConfig(api_key=os.environ["ISVALID_API_KEY"]))

# ── Validate an IPv4 address ────────────────────────────────────────────────

v4 = iv.net.ip("192.168.1.1")
print(v4["valid"])       # True
print(v4["version"])     # 4
print(v4["type"])        # 'private'
print(v4["isPrivate"])   # True
print(v4["isLoopback"])  # False
print(v4["normalized"])  # '192.168.1.1'

# ── Validate an IPv6 address ────────────────────────────────────────────────

v6 = iv.net.ip("2001:0db8::1")
print(v6["valid"])       # True
print(v6["version"])     # 6
print(v6["expanded"])    # '2001:0db8:0000:0000:0000:0000:0000:0001'

# ── Check for loopback ──────────────────────────────────────────────────────

lo = iv.net.ip("127.0.0.1")
print(lo["type"])        # 'loopback'
print(lo["isLoopback"])  # True
print(lo["isPrivate"])   # False

# middleware.py (Flask)
from functools import wraps
from flask import request, jsonify, g

def validate_client_ip(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        client_ip = (
            request.headers.get("X-Forwarded-For", "").split(",")[0].strip()
            or request.remote_addr
        )

        try:
            ip_check = validate_ip(client_ip)
        except Exception:
            return jsonify({"error": "IP validation service unavailable"}), 502

        if not ip_check["valid"]:
            return jsonify({"error": "Invalid client IP"}), 400

        # Attach validated IP info to Flask's request context
        g.client_ip = ip_check["normalized"]
        g.ip_version = ip_check["version"]
        g.ip_type = ip_check["type"]
        g.ip_is_private = ip_check["isPrivate"]

        return f(*args, **kwargs)
    return decorated


@app.route("/admin")
@validate_client_ip
def admin_panel():
    # Only allow access from private networks
    if not g.ip_is_private:
        return jsonify({"error": "Access denied — private network only"}), 403

    return jsonify({"message": "Welcome to the admin panel"})

7. cURL example

Validate an IPv4 address:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.isvalid.dev/v0/net/ip?value=192.168.1.1"

Validate an IPv6 address:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.isvalid.dev/v0/net/ip?value=2001%3A0db8%3A%3A1"

Validate a public DNS resolver:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.isvalid.dev/v0/net/ip?value=8.8.8.8"

8. Understanding the response

Private IPv4 address:

{
  "valid": true,
  "version": 4,
  "type": "private",
  "isPrivate": true,
  "isLoopback": false,
  "normalized": "192.168.1.1"
}

IPv6 address with expanded form:

{
  "valid": true,
  "version": 6,
  "type": "global-unicast",
  "isPrivate": false,
  "isLoopback": false,
  "normalized": "2001:db8::1",
  "expanded": "2001:0db8:0000:0000:0000:0000:0000:0001"
}

Invalid IP address:

{
  "valid": false
}

9. Edge cases to handle

mapped = iv.net.ip("::ffff:192.168.1.1")
print(mapped["valid"])     # True
print(mapped["version"])   # 6
print(mapped["type"])      # 'private' (classified by the embedded IPv4)

compressed = iv.net.ip("fe80::1")
print(compressed["normalized"])  # 'fe80::1'
print(compressed["expanded"])    # 'fe80:0000:0000:0000:0000:0000:0000:0001'

# Invalid: double :: is rejected
bad = iv.net.ip("fe80::1::2")
print(bad["valid"])  # False