this post was submitted on 28 Jun 2026
47 points (100.0% liked)

Selfhosted

Recently, I saw icanhazip.com pop up in my pfSense firewall logs. It was immediately blocked but the name piqued my interest, so I did a little digging which revealed an interesting backstory.

It's owned by Cloudflare:

...but it hasn't always been theirs: icanhazip: How a simple IP address tool survived a deluge of users. Pretty interesting, at least to me as I have never encountered it before.

I have it still blocked as nothing I'm doing seems hampered by blocking icanhazip.com's IP range. Anyone else ever encounter icanhazip.com?

top 13 comments
[–] hexagonwin@lemmy.today 17 points 9 hours ago (1 children)

i always use curl icanhazip.com for checking my external IP.. iirc some "IoT" devices also use it for some reason

[–] irmadlad@lemmy.world 5 points 9 hours ago

some “IoT” devices also use it for some reason

I haven't conducted a thorough investigation, but the last container I added was SpeedTest Tracker and I am assuming that it's using icanhazip.com and ifconfig.co to determine the best test servers based on my locale. I chose my own servers when I set it up. For the time being, I have both blocked and nothing seems to complain. SpeedTest Tracker still crons every hour with success.

[–] ramielrowe@lemmy.world 12 points 10 hours ago (1 children)

I actually worked with Major back when he initially created icanhazip.com. It's still my go-to for resolving my public IP for scripts that need it. (IE. hand rolled DNS for my home lab k8s cluster).

[–] irmadlad@lemmy.world 5 points 10 hours ago

Wow! It's certainly a small world after all.

[–] non_burglar@lemmy.world 8 points 9 hours ago (1 children)

The back story of icanhazip is OK, but I want to know where you picked it up in your logs... Incoming on edge? Something in your network dialing out?

[–] irmadlad@lemmy.world 3 points 9 hours ago* (last edited 9 hours ago) (1 children)

Suricata picked it up on the LAN side. I haven't done an in-depth review, but I am suspecting that SpeedTest Tracker is using icanhazip.com and ifconfig.co to check my IP and find the most appropriate test server. It's on the list tho. For now I have them blocked and nothing seems to complain about it. I chose my own servers.
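
One way to confirm which LAN host is actually making these lookups, as an added example that is not part of the original thread: a small parser that groups Suricata EVE JSON records for icanhazip.com and ifconfig.co by source address. It assumes EVE records carrying `dns.rrname`, `tls.sni` and `http.hostname`; the sample log lines are constructed.

```python
import json
from collections import defaultdict

# Public-IP lookup services named in this thread.
WATCHED = ("icanhazip.com", "ifconfig.co")

# Constructed sample EVE lines (hosts, addresses and timestamps are made up).
SAMPLE_EVE = """\
{"timestamp":"2026-06-28T10:00:01","event_type":"dns","src_ip":"192.168.1.50","dest_ip":"192.168.1.1","dns":{"type":"query","rrname":"icanhazip.com"}}
{"timestamp":"2026-06-28T10:00:02","event_type":"tls","src_ip":"192.168.1.50","dest_ip":"203.0.113.10","tls":{"sni":"icanhazip.com"}}
{"timestamp":"2026-06-28T10:00:03","event_type":"http","src_ip":"192.168.1.50","dest_ip":"203.0.113.20","http":{"hostname":"ifconfig.co","http_user_agent":"curl/8.5.0"}}
{"timestamp":"2026-06-28T10:00:04","event_type":"dns","src_ip":"192.168.1.77","dest_ip":"192.168.1.1","dns":{"type":"query","rrname":"example.org"}}
{"timestamp":"2026-06-28T10:00:05","event_type":"dns","src_ip":"192.168.1.1","dest_ip":"192.168.1.50","dns":{"type":"answer","rrname":"icanhazip.com"}}
{"timestamp":"2026-06-28T10:00:06","event_type":"tls","src_ip":"192.168.1.23","dest_ip":"203.0.113.10","tls":{"sni":"ipv4.icanhazip.com"}}
truncated line {
"""

def watched_name(event):
    """Return the normalised watched hostname an EVE record refers to, else None."""
    kind = event.get("event_type")
    if kind == "dns":
        dns = event.get("dns", {})
        # Count queries only: in answer records src_ip is the resolver.
        name = dns.get("rrname") if dns.get("type") == "query" else None
    elif kind == "tls":
        name = event.get("tls", {}).get("sni")
    elif kind == "http":
        name = event.get("http", {}).get("hostname")
    else:
        name = None
    name = (name or "").lower().rstrip(".")
    if any(name == d or name.endswith("." + d) for d in WATCHED):
        return name
    return None

def lookups_by_source(lines):
    """Map src_ip -> {(event_type, hostname): count} for the watched services."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line, e.g. the log was being written
        if not isinstance(event, dict):
            continue
        name = watched_name(event)
        if name:
            seen[event.get("src_ip", "unknown")][(event["event_type"], name)] += 1
    return {ip: dict(hits) for ip, hits in seen.items()}

if __name__ == "__main__":
    for ip, hits in lookups_by_source(SAMPLE_EVE.splitlines()).items():
        print(ip, hits)
```

If the requesting service runs in a container behind the host's NAT, the source address seen on the LAN interface is the container host, so the per-container attribution still has to be done on that host.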

[–] non_burglar@lemmy.world 3 points 9 hours ago (1 children)

Could be.

Speedtest (the Ookla one) uses a bunch of traceroute and compares hops to pick a peering point, but they display your public IP on the test page and probably use some icanhazip or other service to know that. It should come as no surprise to you that most North American ISPs pay Ookla to prefer peering points in which they have a heavy presence.

Icanhazip is an older service, I'm surprised Cloudflare didn't just kill it, they built their own when they were standing up 1.1.1.1.

Could also be some other tooling on your LAN built before the Claude days.

[–] irmadlad@lemmy.world 1 points 3 hours ago

I think I found the source of the icanhazip.com block. From the Github Issues page:

[2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. ["cURL error 60: SSL: no alternative certificate subject name matches target hostname 'icanhazip.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/"]

[–] Routhinator@startrek.website 15 points 11 hours ago (1 children)

Lots of people use it, I recommend they try ifconfig.co - cleaner curl output.

[–] irmadlad@lemmy.world 6 points 10 hours ago* (last edited 9 hours ago)

Interestingly enough, ifconfig.co shows up too. I knew about ifconfig.co tho. Since the last container I added was SpeedTest Tracker to replace OpenSpeedTest, and that's about the time icanhazip.com showed up, I am assuming SpeedTest Tracker is using both ifconfig.co and icanhazip.com to determine the ~~local~~ external IP and the closest test servers to it. The request is originating from the LAN. However, I selected my own servers I wanted to use based on my locale, so blocking either hasn't stopped SpeedTest Tracker from doing its tests on an hourly basis.

[–] Deebster@infosec.pub 8 points 11 hours ago

I must have been a very early user if it only went live in 2009! It's a great resource that's always fast and optimally concise.

I didn't know this backstory though, thanks for sharing.

[–] Th4tGuyII@fedia.io 5 points 10 hours ago

Wow, today I learned. That's a rather interesting story.

A bit of a sad ending, but a perfect example of why we can't have nice things - someone will always find a way to abuse it.

[–] zackhow@programming.dev 3 points 11 hours ago

Thanks for the post, was an interesting read